The attacks used accounts spoofing Microsoft, Google, Yahoo, and AOL IT support to target other WhatsApp accounts belonging to individuals in the U.S., Iran, Israel, Palestine, and the UK, according to Meta researchers.
According to ESET researchers who discovered the campaign, the malware, which they named NGate, mimicked legitimate banking apps, convincing victims to download a malicious app via phishing messages that claimed their devices were compromised.
Attackers have used automated voice calls, social media ads, and SMS messages to lure targets into downloading the PWAs, which resemble legitimate apps and enable stealthy compromise of devices' camera, microphone, geolocation, and other browser functions, a report from ESET showed.
Blind Eagle's intrusions begin with phishing emails that spoof government and financial organizations and carry malicious attachments. Those attachments contain links that redirect, following geographical verification, to a website hosting a compressed ZIP archive used as the initial dropper, according to a Kaspersky report.
Iranian state-backed threat operation TA453 has sought to distribute the new AnvilEcho PowerShell trojan in a spear-phishing campaign against a major Jewish personality that commenced late last month.
Typosquatted domains mimicking legitimate sites have been leveraged to host the MSIX installers, which not only spoof Zoom, KeePass, Steam, and other popular software but also facilitate script execution prior to app deployment.