Thursday, January 23, 2025

Hackers Targeting Users Who Lodged Complaints On Government portal To Steal Credit Card Data


Fraudsters in the Middle East are exploiting a vulnerability in the government services portal. By impersonating government officials, they target individuals who have filed commercial complaints. 

Using Remote Access Software, the fraudsters can then steal credit card information and conduct unauthorized transactions that circumvent traditional OTP-based security measures, highlighting the evolving nature of cybercrime and the need for enhanced user education and more robust security protocols.

Multiple customers reported fraudulent activities initiated through phone calls. In each case, callers posing as government officials instructed victims to download legitimate government applications and the remote access software AnyDesk. 

This unauthorized access enabled the perpetrators to execute unauthorized financial transactions, including credit card withdrawals and bank account deductions, without the victims’ explicit consent or knowledge.

A diagram of how an impersonation and remote access scam is carried out.


Stealer malware infects a consumer’s device and exfiltrates their personal information, including contact details, which is then leaked onto the dark web.

Fraudsters exploit this data to impersonate government officials, offering assistance with a fabricated consumer complaint where they socially engineer the victim into installing a legitimate government application and a remote access tool. 

Leveraging screen sharing, the scammers guide the victim to upload their credit card photo and intercept incoming OTPs, enabling them to complete unauthorized online transactions using the stolen information.

RedLine Stealer, a prevalent malware, exploits vulnerabilities to infiltrate systems and targets sensitive data like passwords, cookies, and cryptocurrency wallets, often distributed through phishing and infected software. 

Its user-friendly interface and accessibility on underground forums empower both novice and experienced cybercriminals, posing a significant threat to individuals and organizations.

The sophisticated fraud scheme, likely orchestrated by organized criminal groups in the Middle East, targets victims through social engineering tactics, including impersonating government officials. 

By using remote access tools (RATs), attackers gain control of victims’ devices, intercepting One-Time Passwords (OTPs) to authorize fraudulent transactions, which include high-value purchases from online stores and e-wallet top-ups, facilitating rapid cash-out through mule accounts. 

Attackers employ advanced techniques like VPNs and dedicated IP ranges to mask their origin. The scheme poses significant financial risks, with average losses per transaction exceeding US$1,300 and the potential for substantial individual losses.

The scheme leverages compromised government portals to obtain user data, enabling fraudsters to impersonate officials and socially engineer victims into divulging card details. 

To mitigate this, government agencies must enhance account security and implement robust account takeover (ATO) defenses: integrating threat intelligence, monitoring user behavior, and applying anti-fraud processes, including 3DS authentication with enhanced behavioral analysis.
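An added example, not from Group-IB or the original article, of a behavioural check that can sit alongside 3DS: it scores a card-not-present payment on signals the article describes (VPN or dedicated IP ranges, high-value purchases, e-wallet top-ups) and gives a passed OTP no weight, since the OTP is intercepted in this scheme. All field names, weights, thresholds and IP ranges are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed values: documentation-range networks stand in for a threat-intel
# feed of VPN / dedicated IP ranges; weights and thresholds are illustrative.
ANONYMIZER_RANGES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
CASH_OUT_CATEGORIES = {"ewallet_topup", "online_store_high_value"}
HIGH_VALUE_USD = 1000.0
FRESH_CARD_MINUTES = 30

@dataclass
class Payment:
    amount_usd: float
    merchant_category: str
    source_ip: str
    device_known: bool            # device seen before for this cardholder
    card_added_minutes_ago: int   # time since the card was entered at the merchant
    otp_passed: bool

def risk_signals(p: Payment) -> list[tuple[str, int]]:
    """Return (signal name, weight) pairs that fired for this payment."""
    signals = []
    addr = ip_address(p.source_ip)
    if any(addr in net for net in ANONYMIZER_RANGES):
        signals.append(("anonymizer_ip", 30))
    if not p.device_known:
        signals.append(("new_device", 25))
    if p.merchant_category in CASH_OUT_CATEGORIES:
        signals.append(("cash_out_merchant", 20))
    if p.amount_usd >= HIGH_VALUE_USD:
        signals.append(("high_value", 15))
    if p.card_added_minutes_ago < FRESH_CARD_MINUTES:
        signals.append(("fresh_card_entry", 20))
    return signals

def decide(p: Payment) -> str:
    """A passed OTP never lowers the score: screen sharing exposes it."""
    score = sum(weight for _, weight in risk_signals(p))
    if score >= 70:
        return "decline_and_call_back"   # contact cardholder on a number on file
    if score >= 40:
        return "step_up"                 # require a challenge beyond the OTP
    return "approve" if p.otp_passed else "step_up"
```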

According to Group-IB, users must prioritize digital hygiene, avoid sharing sensitive information, and be wary of unsolicited calls or requests for software installations.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
