Hackers Targeting Human Rights Activists in Morocco and Western Sahara

Apr 09, 2024 | Newsroom | Cyber Espionage / Malware

Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that uses phishing attacks to trick victims into installing bogus Android apps and to serve credential harvesting pages to Windows users.

Cisco Talos is tracking the activity cluster under the name Starry Addax, describing it as primarily singling out activists associated with the Sahrawi Arab Democratic Republic (SADR).

Starry Addax’s infrastructure, ondroid[.]site and ondroid[.]store, is designed to target both Android and Windows users, with the latter involving fake websites masquerading as login pages for popular social media websites.


The adversary, believed to be active since January 2024, is known to send spear-phishing emails to targets, urging recipients to install Sahara Press Service’s mobile app or a relevant decoy related to the region.

Depending on the operating system from which the request originates, the target is either served a malicious APK that impersonates the Sahara Press Service or redirected to a social media login page that harvests their credentials.


The novel Android malware, dubbed FlexStarling, is versatile and equipped to deliver additional malware components and steal sensitive information from infected devices.

Once installed, it asks the victim to grant it extensive permissions that allow the malware to perform nefarious actions, including fetching commands to be executed from a Firebase-based command-and-control (C2), an indication that the threat actor is looking to fly under the radar.

“Campaigns like this that target high-value individuals usually intend to sit quietly on the device for an extended period,” Talos stated.


“All components from the malware to the operating infrastructure seem to be bespoke/custom-made for this specific campaign indicating a heavy focus on stealth and conducting activities under the radar.”

The development comes amid the emergence of a new commercial Android remote access trojan (RAT) known as Oxycorat that is being offered for sale with various information gathering capabilities.
