Hacking Campaign Targets High-Profile Gmail and WhatsApp Users Across the Middle East

A recent hacking attack targeted high-profile users in the Middle East, aiming to steal Gmail and WhatsApp credentials, as Iran faces unrest.

London: On Tuesday, Iranian activist Nariman Gharib tweeted about a phishing link he got through WhatsApp. Gharib, who is following protests in Iran, warned others not to click on suspicious links because the campaign was aimed at people involved with Iran.

This hacking attack happened as Iran deals with a long internet shutdown during protests and crackdowns. TechCrunch wanted to know more about this serious issue. Soon after tweeting, Gharib shared the phishing link with TechCrunch, helping them access the source code used in the attack.

Experts found that the campaign planned to steal Gmail accounts and WhatsApp information while also collecting location data, photos, and sound recordings. It’s not known if the hackers are connected to any government or are just cybercriminals.

TechCrunch discovered a way to see responses from victims saved on the attackers’ server. Unfortunately, many people fell for the phishing trick, including academics, journalists, and government officials from various countries.

Gharib got a WhatsApp message with a link that loaded a phishing site. The attack used a dynamic DNS provider called DuckDNS, which can hide where a site is actually hosted. It’s unclear if the attackers stopped the site or if DuckDNS shut it down after complaints.

TechCrunch found that the phishing link misled users into thinking they were signing in to Gmail or providing their phone number. The site even stored records of over 850 victims who entered their details. This sensitive information includes usernames, passwords, and two-factor authentication codes.

The attack also tricked victims into sharing their location, photos, and sound. Gharib’s case showed how users could be led to a fake WhatsApp page that asked them to scan a QR code. This code could link victims’ WhatsApp accounts to the attackers’ devices.

Experts discussed who might be behind these attacks. Some suggested it could be linked to Iran’s military group, the IRGC, known for cyberattacks. Others thought it might be financially motivated hackers. Regardless, the goal seemed to be stealing information and possibly spying on significant individuals.

Miller, a security expert, warned that clicking on unknown links is risky. The phishing campaign’s timing raises concerns about espionage directed toward people tied to the Iranian government, especially considering the current protests.

To ensure safety, always verify links and avoid clicking on those that seem fake or suspicious.
