A new wave of a sophisticated mobile-aware phishing campaign uncovered in wide that mainly targeting non-governmental organizations in various countries around the world.

The campaign is still live since March 2019, and the cybercriminals behind this attacker have been hosted two domains (session-services[.]com and service-ssl-check[.]com) with phishing content.

This one going phishing attack mainly targeting a variety of United Nations humanitarian organizations, such as UNICEF and attackers are still expanding the target and origins.

The Phishing domains are resolving two different IP addresses ( 111 [.] 90 [.] 142 [.] 105 and 111[.]90 [.] 142 [.] 91) in the same network, and these are had suspicious activities records in the past and very low reputation in the past, also used for hosting malware.

A sample of one of the live phishing sites

Key-logging and Fake Office365 login pages

The mobile-aware phishing campaign using various methods such as fake Office365 login page, abusing the valid SSL certificate, log keystrokes.

Attackers using a javascript code logic on the phishing page to detect if the page loaded on the mobile device that helps to deliver the content related to mobile specfic.

“Mobile web browsers also unintentionally help obfuscate phishing URLs by truncating them, making it harder for the victims to discover the deception.”

The researcher found some strong evidence of keylogging functionality embedded in the password field of the phishing login pages.

According to Lockout research “Attackers cleverly embedded the keylogger that even works if the target doesn’t complete the login activity by pressing the login button or if they enter another, unintended password, this information is still sent back to the command and control infrastructure operated by the malicious actor.”

This Phishing attack using valid SSL certificates and the attackers using several noteworthy techniques employed in this campaign.

“The mobile-aware component found in this campaign is further proof that phishing attacks have evolved to target mobile devices. Mobile phishing has emerged as a source of increased risk for enterprises”, lookout concluded.

Also Read: State-Sponsored APT Hackers From China, North Korea, Iran Focusing to Develop Android & iOS Mobile Malware

Leave a Reply