"Gharib shared the full phishing link with TechCrunch soon after his post, allowing us to capture a copy of the source code of the phishing web page used in the attack. He also shared a write-up of his findings. TechCrunch analyzed the source code of the phishing page, and with added input from security researchers, we believe the campaign aimed to steal Gmail and other online credentials, compromise WhatsApp accounts, and conduct surveillance by stealing location data, photos, and audio recordings."
"TechCrunch also identified a way to view a real-time copy of all of the victim's responses saved on the attacker's server, which was left exposed and accessible without a password. This data revealed dozens of victims who had unwittingly entered their credentials into the phishing site, and were subsequently likely hacked. The list includes a Middle Eastern academic working in national security studies; the boss of an Israeli drone maker; a senior Lebanese cabinet minister; at least one journalist; as well as people in the United States or with U.S. phone numbers."
A targeted WhatsApp phishing campaign delivered malicious links to people involved in Iran-related activities. Redacted screenshots and the captured source code of the phishing page indicate efforts to harvest Gmail and other online credentials, take over WhatsApp accounts, and collect location data, photos, and audio. The attacker’s server exposed real-time copies of victim responses without a password, revealing dozens of likely compromised accounts. Identified victims included academics, industry leaders, government officials, journalists, and U.S.-connected individuals. Attribution remains unclear, and the campaign coincided with Iran’s prolonged nationwide internet shutdown amid widespread protests and crackdowns.
Read at TechCrunch