
New Malware Targets MENA Region, Steals Cryptocurrency Data - TECHx Media
The malware is designed to harvest cryptocurrency wallet data and send it to a Telegram bot operated by the attackers. PT ESC's investigation revealed approximately 900 potential victims, with most affected individuals being regular users from industries including oil and gas, construction, IT, and agriculture. Victims are primarily located in Libya (49%), Saudi Arabia (17%), Egypt (10%), Turkey (9%), UAE (7%), and Qatar (5%).
The group behind the campaign has been named Desert Dexter, a reference to one of the suspected operators. During the investigation, researchers discovered the attackers were using temporary accounts and fake news channels on Facebook to bypass ad filters and spread their malicious posts. Although a similar campaign was documented in 2019, the current operation introduces new techniques to make the malware more effective.
Denis Kuvshinov, Head of Threat Intelligence at Positive Technologies, explained that the attack follows a multi-stage process, beginning with victims being lured to file-sharing services or Telegram channels, where they unknowingly download a RAR archive containing malicious files. These files install AsyncRAT, collect system information, and send the data to a Telegram bot controlled by the attackers. The modified AsyncRAT includes an updated IdSender module, which specifically targets cryptocurrency wallet extensions, two-factor authentication extensions, and software used to manage cryptocurrency wallets.
While the tools used by Desert Dexter are not particularly sophisticated, their use of social media ads and legitimate services has made the campaign effective. The attackers exploit geopolitical tensions in the MENA region, targeting both individual users and high-ranking officials. Researchers have noted that the region remains a prime target for cyberattacks due to ongoing political instability, with phishing campaigns increasingly using political themes to lure victims.
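A defender-side sketch of how the Telegram-bot exfiltration described above can be hunted in web proxy logs, added here as an example and not taken from the PT ESC report. It assumes a proxy that records full URLs (for example, one doing TLS inspection); the log format, host names, process names, tokens and the allowlisted `opsnotifier.exe` are constructed or hypothetical, not indicators from the campaign.

```python
import re
from collections import defaultdict

# Telegram Bot API requests have the form https://api.telegram.org/bot<token>/<method>
BOT_API = re.compile(
    r"https://api\.telegram\.org/bot(?P<id>\d+):[\w-]+/(?P<method>\w+)", re.I)

# Assumption: a sanctioned internal tool that legitimately uses the Bot API (hypothetical).
ALLOWED_PROCESSES = {"opsnotifier.exe"}

# Constructed sample proxy log, format "<time> <host> <process> <url>" (hypothetical).
SAMPLE_LOG = """\
2025-03-01T09:14:02Z WS-0141 chrome.exe https://www.example.com/news
2025-03-01T09:14:40Z WS-0141 powershell.exe https://api.telegram.org/bot1111111111:AAAA-constructed_token/sendMessage
2025-03-01T09:15:05Z WS-0141 powershell.exe https://api.telegram.org/bot1111111111:AAAA-constructed_token/sendDocument
2025-03-01T09:20:11Z WS-0207 opsnotifier.exe https://api.telegram.org/bot2222222222:BBBB-constructed_token/sendMessage
2025-03-01T09:31:57Z WS-0309 updater.exe https://api.telegram.org/bot1111111111:AAAA-constructed_token/sendMessage
"""

def find_bot_api_calls(log_text, allowed=ALLOWED_PROCESSES):
    """Return {host: [(time, process, bot_id, method), ...]} for Bot API
    requests made by processes outside the allowlist."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, host, proc, url = parts
        m = BOT_API.match(url)
        if m and proc.lower() not in allowed:
            # Keep only the numeric bot id; the secret part of the token is dropped.
            hits[host].append((ts, proc, m["id"], m["method"]))
    return dict(hits)

def hosts_per_bot(hits):
    """Map each bot id to the hosts that contacted it, to scope an incident."""
    bots = defaultdict(set)
    for host, events in hits.items():
        for _, _, bot_id, _ in events:
            bots[bot_id].add(host)
    return dict(bots)

if __name__ == "__main__":
    found = find_bot_api_calls(SAMPLE_LOG)
    for host, events in found.items():
        print(host, events)
    print(hosts_per_bot(found))
```

Grouping by bot id shows which endpoints reported to the same bot, which is useful for scoping once a single infected host has been identified.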