Hackers Concentrating on Human Rights Activists in Morocco and Western Sahara

Apr 09, 2024NewsroomCyber Espionage / Malware

Human rights activists in Morocco and the Western Sahara area are the targets of a brand new menace actor that leverages phishing assaults to trick victims into putting in bogus Android apps and serve credential harvesting pages for Home windows customers.

Cisco Talos is monitoring the exercise cluster underneath the title Starry Addax, describing it as primarily singling out activists related to the Sahrawi Arab Democratic Republic (SADR).

Starry Addax’s infrastructure – ondroid[.]web site and ondroid[.]retailer – is designed to focus on each Android and Home windows customers, with the latter involving faux web sites masquerading as login pages for fashionable social media web sites.

Cybersecurity

The adversary, believed to be lively since January 2024, is understood to ship spear-phishing emails to targets, urging recipients to put in Sahara Press Service’s cellular app or a related decoy associated to the area.

Relying on the working system from the place the request is originating from, the goal is both served a malicious APK that impersonates the Sahara Press Service or redirected to a social media login web page to reap their credentials.

Starry Addax Hackers

The novel Android malware, dubbed FlexStarling, is flexible and geared up to ship extra malware elements and steal delicate data from contaminated units.

As soon as put in, it requests the sufferer to grant it intensive permissions that permit the malware to carry out nefarious actions, together with fetching instructions to be executed from a Firebase-based command-and-control (C2), an indication that the menace actor is trying to fly underneath the radar.

“Campaigns like this that target high-value individuals usually intend to sit quietly on the device for an extended period,” Talos stated.

Cybersecurity

“All components from the malware to the operating infrastructure seem to be bespoke/custom-made for this specific campaign indicating a heavy focus on stealth and conducting activities under the radar.”

The event comes amid the emergence of a brand new business Android distant entry trojan (RAT) often known as Oxycorat that is being provided on the market with numerous data gathering capabilities.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.

Recent articles

Hackers Use Microsoft MSC Information to Deploy Obfuscated Backdoor in Pakistan Assaults

Dec 17, 2024Ravie LakshmananCyber Assault / Malware A brand new...

INTERPOL Pushes for

Dec 18, 2024Ravie LakshmananCyber Fraud / Social engineering INTERPOL is...

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...

LEAVE A REPLY

Please enter your comment!
Please enter your name here