Residents of the United Arab Emirates have been targeted by a text message campaign designed to steal payment and personal details. The campaign, which previously targeted users in the Asia-Pacific region, was named PostalFurious for impersonating the postal service.
The Group-IB investigation attributed the two campaigns to a group called Post Fury. The group has been active since at least 2021 and can rapidly build large network infrastructures, which it frequently alters to avoid detection by security tools. It also uses access control techniques to avoid automated detection and blocking. There is evidence that it operates globally, beyond the scope of this Middle Eastern initiative.
In this campaign, payment details are collected via scam text messages asking the recipient to pay tolls and delivery charges. The URLs in the text lead to fake branded payment pages that ask for personal details such as name, address and credit card information. The phishing page also used the official name and logo of the impersonated postal service provider and was only accessible from UAE IP addresses.
The text messages contained a shortened URL leading to a fake branded payment page. The campaign had been active since at least April 15 of this year; when launched, it impersonated a UAE toll operator, but a new version that spoofs the UAE postal service launched on April 29.
In both cases, the phishing domains used the same servers, and the SMS messages were sent from phone numbers registered in Malaysia and Thailand, as well as from email addresses via iMessage.
Who is the Angry Postman?
When asked who the emails were aimed at, Anna Yurtaeva, Senior Cyber Investigations Specialist at Group-IB Digital Crime Resistance Center in Dubai, confirmed that PostalFurious’ scams are aimed at the general public.
“They launched an extensive SMS phishing campaign and we know that some messages were sent to UAE residents who were not users of the service,” she said. “From our analysis of the source code and infrastructure of the PostalFurious website, we see that the group aims to steal payment credentials and personal data from victims.”
She confirmed that no malware downloads were seen in the two detected campaigns, but the attacks targeting users in the UAE appear to be part of a wider, larger campaign that could have global ramifications. She said the operators of PostalFurious had previously targeted users in Singapore and Australia, and they had also produced fake websites posing as postal service and toll operators.
The news follows similarly themed activity that was revealed earlier this week. Dubbed Operation Red Hart, the effort has targeted Israeli engineering and telecommunications companies in a persistent phishing email campaign convincingly impersonating Israel’s postal service.