Dutch police have arrested two hackers involved in a “Fraud-as-a-Service” operation. The hackers belong to a Dutch cybercriminal collective involved in the development, sale, and renting of sophisticated phishing frameworks to other threat actors.
The hacking duo, a 24-year-old software engineer and a 15-year-old boy, were the main developer and sellers of the phishing frameworks. These were used to collect login details from bank customers. Users from the Netherlands and Belgium were the primary targets on their list.
According to Group-IB Europe’s Roberto Martinez, senior threat intelligence analyst, and Anton Ushakov, deputy head of the high-tech crime investigation department, “The phishing frameworks allow attackers with minimal skills to optimize the creation and design of phishing campaigns to carry out massive fraudulent operations all the while bypassing 2FA. Advertises their services and interacts with fellow cybercriminals on Telegram messenger.”
The hackers targeted users with an email, SMS, or WhatsApp message that impersonated well-known local brands and contained malicious links. Victims who clicked the links were redirected to adversary-controlled phishing websites that stole payment information.
Their other method was to pose as a buyer on a Dutch classified advertising platform, contact a seller, and then move the conversation to WhatsApp, tricking the victim into visiting a phishing site.
The hackers offered a high level of personalization: the phishing pages not only impersonated a legitimate Dutch marketplace but also claimed to use a well-known e-commerce payment system in the country. This led victims to a fake bank page, where the hackers collected credentials based on the bank selected, Group-IB researchers noted.
Group-IB researchers further added, “When victims submit their banking credentials, the phishing site sends them to the fraudster-controlled web panel. This one actually notifies the miscreants that a new victim is online. The scammers can then request additional information that will help them to gain access to the bank accounts, including two-factor authentication tokens, and personally identifiable information.”
The group posted a message on Telegram offering a web panel, such as U-Admin – a fork of another panel. Other hackers could rent these for €200 a month (Express Panel), while a Reliable Panel or Reliable Admin cost €250. The group operated nearly 8 Telegram channels, with around 2,000 subscribers between them.
Group-IB researchers concluded by saying, “The attacks that rely on Fraud Family’s infrastructure increased toward the final months of 2020. This trend continues in 2021 with the appearance of Express Panel and Reliable Panel.”