Positive Technologies experts uncover new malware campaign in the Middle East
The investigation revealed approximately 900 potential victims, most of whom are everyday users. Among those affected are employees working in industries such as oil and gas, construction, IT, and agriculture.
Analysis showed that most victims are located in Libya (49%), Saudi Arabia (17%), Egypt (10%), Turkey (9%), the UAE (7%), Qatar (5%), and other countries.
The group behind the campaign was dubbed Desert Dexter, named after one of the suspected authors. During the investigation, researchers found that the attackers rely on temporary accounts and fake news channels on Facebook [1] to bypass the platform's ad filters. A similar attack was documented by Check Point researchers in 2019, but the campaign described here introduces new techniques to the attack chain.
Denis Kuvshinov, Head of Threat Intelligence, Positive Technologies Expert Security Center, said:"This attack follows a multi-stage process. The victim is lured from a promotional post to a file-sharing service or a Telegram channel operated by the attackers, which imitates a media outlet. From there, the victim receives a RAR archive containing malicious files. These files download and execute AsyncRAT, gather necessary system information, and send it to the attackers' Telegram bot. The AsyncRAT version used in this campaign includes a modified IdSender module that collects information about cryptocurrency wallet extensions, two-factor authentication extensions in various browsers, and software used to manage cryptocurrency wallets."
While Desert Dexter's tools are not particularly sophisticated, their use of social media ads, legitimate services, and the geopolitical context of the region has made the campaign effective. The group posts messages about allegedly leaked confidential information, making the attack chain versatile enough to infect the devices of not only regular users but also high-ranking officials.Researchers note that ongoing tensions in the Middle East and North Africa have made the region a prime target for cyberattacks aimed at both government institutions and individual users. Political themes remain a common lure in phishing campaigns, with attacks becoming more sophisticated and malware being continuously adapted to meet the needs of different threat actors.
Positive Technologies is an industry leader in result-driven cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Over 4,000 organizations worldwide use technologies and services developed by our company. Positive Technologies is the first and only cybersecurity company in Russia publicly available on the Moscow Exchange (MOEX: POSI), with 205,000 shareholders and counting. Follow us on X, LinkedIn, and in the News section at global.ptsecurity.com.
[1] Meta (Facebook) is currently prohibited in Russia.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Khaleej Times
2 hours ago
- Khaleej Times
Russia imposes restrictions on WhatsApp, Telegram calls
Russia announced curbs on calls on the WhatsApp and Telegram messenger apps on Wednesday, saying that this was necessary to fight criminality, state media reported. "In order to combat criminals, measures are being taken to partially restrict calls on these foreign messaging apps (WhatsApp and Telegram)," communications watchdog Roskomnadzor said, as quoted by the RIA and TASS news agencies. The messenger apps have become "the main voice services used for fraud and extortion, and for involving Russian citizens in subversive and terrorist activities," the watchdog added. Russian security services have frequently claimed that Ukraine was using Telegram to recruit people or commit acts of sabotage in Russia. Moscow wants the messengers to provide access to data upon request from law enforcement, not only for fraud probes but also for investigating activities that Russia describes as terrorist ones. "Access to calls in foreign messengers will be restored after they start complying with Russian legislation," Russia's digital ministry said. In a statement sent to AFP, Telegram said it "actively combats misuse of its platform, including calls for sabotage or violence, as well as fraud" and removes "millions of pieces of harmful content every day".
Middle East Eye
4 hours ago
- Middle East Eye
Israeli media praise killing of Palestinian journalist Anas al-Sharif
"It's about time," wrote Daphna Liel, a senior journalist at Israel's Channel 12 News, on her Telegram page on Sunday night. "The IDF killed the terrorist who operated under the guise of an Al Jazeera journalist," her report said, referring to the Israeli army. The picture of Al Jazeera journalist Anas al-Sharif was attached. The killing of Sharif on Sunday has provoked outrage from press freedom groups and other media outlets - but in Israel, the response by most of the media has seemingly been that Sharif, in fact, had it coming. Ynet described Sharif as "the reporter-terrorist who was assassinated", Maariv newspaper said he was "a journalist in the service of Hamas", and Israel Hayom wrote that he was "a terrorist disguised as a journalist". New MEE newsletter: Jerusalem Dispatch Sign up to get the latest insights and analysis on Israel-Palestine, alongside Turkey Unpacked and other MEE newsletters On Sunday night, the Israeli military announced that it had attacked a journalists' tent near Al-Shifa Hospital in Gaza City. Sharif, who was one of the most prominent journalists covering Israel's assault on Gaza, was the target of the attack. In addition to Sharif, six other Palestinians were killed in the attack, including Al Jazeera correspondent and Middle East Eye contributor Mohammed Qreiqeh as well as camera operators Mohammed Noufal, Ibrahim Zaher and Moamen Aliwa. "The Israeli media's response to the killing of the journalists was frightening," Zahra Saeed, a Palestinian journalist at Radio Al-Shams, told MEE. "Amit Segal [a senior journalist at Channel 12 News] wrote on his Telegram account that he was waiting for this assassination, it's unbelievable. He is part of the Israeli apparatus of incitement against journalists." 'Murder. Plain and simple' The Israeli attack on Sunday was condemned around the world. Sara Qudah, regional director of the Committee to Protect Journalists, said: "Israel wiped out an entire news crew. It has made no claims that any of the other journalists were terrorists. That's murder. Plain and simple." The war in Gaza is the deadliest conflict for journalists since such data began to be collected. Since the beginning of the war, Israel has killed 270 journalists and media workers. The Israeli army spokesperson claimed it had documents indicating that Sharif was active in Hamas, but did not produce the evidence. 'The Israeli media plays a central role in the genocide in Gaza, whether actively or silently' - Hanin Majadli, Haaretz Hanin Majadli, a Palestinian journalist who writes for Haaretz, told MEE that Israeli media were actively trying to misrepresent the current situation as normal. "The Israeli media is an inseparable part of the Israeli apparatus, which also includes the government, the military, and the public, which commits crimes in Gaza," Majadli said. "The Israeli media plays a central role in the genocide in Gaza, whether actively or silently." Right-wing journalist Yinon Magal of Channel 14 criticised a demonstration by Palestinians in Umm al-Fahm, in northern Israel, "for the 'journalist'-terrorist, Anas al-Sharif". Saeed said there was effectively no difference between the mainstream media and the far-right media regarding the coverage of the assassination of Sharif. "Anyone who asks questions and casts doubts finds himself under attack and outside the national consensus. He is labelled a traitor," she told MEE. "The Israeli crimes in Gaza are justified in the mainstream media, just as they are in the extreme right media outlets," Majadli said. "There is no justification for the assassination of Anas al-Sharif. According to Israeli logic, Israeli journalists are also legitimate targets - while an Israeli journalist called for the killing of 100,000 Gazans and another blew up houses in Lebanon, they are considered professional journalists." 'Hunt down Arabs' Journalists in Israel that condemned the attack faced criticism of their own. Majadli and Saeed said they received abuse while expressing their views on the assassination of Sharif. Saeed said that a post on her Instagram account lamenting the killing of Sharif was translated into Hebrew and led to incitement. According to Saeed, the purpose of translating the post was to "hunt down Arabs", adding that this is what happens "when a Palestinian journalist in Israel wants to express her opinion". Exclusive: MPs urge UK to disclose if it holds spy plane footage of Israel's journalist killings Read More » "All of our journalistic work has been reduced to whether you are for or against terrorism. Asking questions beyond the borders of the IDF spokesperson is considered a crime," Saeed said, adding that "it is dangerous to be a journalist in Israel as well, not only in Gaza". "In Israel, the equation is very simple - the Palestinians are terrorists," Majadli said. "A Palestinian journalist who speaks out against the killing of Anas al-Sharif is considered an encourager of terrorism, a sympathiser of terrorism, or an inciter to terrorism. "There is no journalistic space in Israel. The vast majority of Palestinians in Israel can't even say about Anas al-Sharif 'may Allah have mercy on him'." "The incitement against Palestinian journalists is open, it is the norm, it is urgent," Majadli said. "The incitement is here to stay for a long time. In Israel, the Palestinians need to know that they have to keep their mouths shut."
Sharjah 24
2 days ago
- Sharjah 24
5 journalists killed in Israeli strike in Gaza
The Israeli military admitted in a statement to targeting Anas al-Sharif, the reporter it labelled as a "terrorist" affiliated with Hamas. The attack was the latest to see journalists targeted in the 22-month war in Gaza, with around 200 media workers killed over the course of the conflict, according to media watchdogs. "Al Jazeera journalist Anas al-Sharif has been killed alongside four colleagues in a targeted Israeli attack on a tent housing journalists in Gaza City," the Qatar-based broadcaster said. "Al-Sharif, 28, was killed on Sunday after a tent for journalists outside the main gate of the hospital was hit. The well-known Al Jazeera Arabic correspondent reportedly extensively from northern Gaza." The channel said that five of its staff members were killed during the strike on a tent in Gaza City, listing the others as Mohammed Qreiqeh along with camera operators Ibrahim Zaher, Mohammed Noufal and Moamen Aliwa. The Israeli military confirmed that it had carried out the attack, saying it had struck Al Jazeera's al-Sharif and calling him a "terrorist" who "posed as a journalist". "A short while ago, in Gaza City, the IDF struck the terrorist Anas Al-Sharif, who posed as a journalist for the Al Jazeera network," it said on Telegram, using an acronym for the military. "Anas Al-Sharif served as the head of a terrorist cell in the Hamas terrorist organisation and was responsible for advancing rocket attacks against Israeli civilians and IDF troops," it added. Al-Sharif was one of the channel's most recognisable faces working on the ground in Gaza, providing daily reports in regular coverage. Following a press conference by Prime Minister Benjamin Netanyahu on Sunday, where the premier defended approving a new offensive in Gaza, al-Sharif posted messages on X describing "intense, concentrated Israeli bombardment" on Gaza City. One of his final messages included a short video showing nearby Israeli strikes hitting Gaza City. In July, the Committee to Protect Journalists issued a statement calling for his protection as it accused the Israeli military's Arabic-language spokesperson Avichay Adraee of stepping up online attacks on the reporter by alleging that he was a Hamas terrorist. Following the attack, the CPJ said it was "appalled" to learn of the journalists' deaths. "Israel's pattern of labelling journalists as militants without providing credible evidence raises serious questions about its intent and respect for press freedom," said CPJ Regional Director Sara Qudah. "Journalists are civilians and must never be targeted. Those responsible for these killings must be held accountable." The Palestinian Journalists' Syndicate condemned what it described as a "bloody crime" of assassination. Israel and Al Jazeera have had a contentious relationship for years, with Israeli authorities banning the channel in the country and raiding its offices following the latest war in Gaza. Qatar, which partly funds Al Jazeera, has hosted an office for the Hamas political leadership for years and been a frequent venue for indirect talks between Israel and the militant group. Sealed off With Gaza sealed off, many media groups around the world, including AFP, depend on photo, video and text coverage of the conflict provided by Palestinian reporters. Media watchdog Reporters Without Borders (RSF) said in early July that more than 200 journalists had been killed in Gaza since the war began, including several Al Jazeera journalists. International criticism is growing over the plight of the more than two million Palestinian civilians in Gaza, with UN agencies and rights groups warning that a famine is unfolding in the territory. The targeted strike comes as Israel announced plans to expand its military operations on the ground in Gaza, with Netanyahu saying on Sunday that the new offensive was set to target the remaining Hamas strongholds there. He also announced a plan to allow more foreign journalists to report inside Gaza with the military, as he laid out his vision for victory in the territory. A UN official warned the Security Council that Israel's plans to control Gaza City risked "another calamity" with far-reaching consequences. "If these plans are implemented, they will likely trigger another calamity in Gaza, reverberating across the region and causing further forced displacement, killings, and destruction," UN Assistant Secretary General Miroslav Jenca told the Security Council.
