Identity Theft Prevention Alert: Western Sahara Activists Targeted in Sophisticated Phishing Campaign
A new threat actor, known as Starry Addax, has been identified targeting human rights activists in Morocco and Western Sahara with a series of sophisticated phishing attacks.
The Phishing Campaign
The campaign, which began in January 2024, uses bogus Android apps and fake Windows login pages to trick victims into revealing their credentials. According to cybersecurity experts at Cisco Talos, the threat actor’s infrastructure is designed to target both Android and Windows users.
The Attack Vector
The attack vector involves spear-phishing emails that trick targets into installing a malicious APK or visiting a fake social media login page. The Android malware, dubbed FlexStarling, is capable of delivering additional malware components and stealing sensitive information from infected devices.
Additional Capabilities
Once installed, the malware requests extensive permissions that allow it to perform nefarious actions, including fetching commands from a Firebase-based command-and-control server.
Stealthy Campaign
Talos notes that this campaign is unusual in its focus on stealth and custom-made tools, indicating a heavy emphasis on conducting activities under the radar. The development comes amid the emergence of a new commercial Android remote access trojan (RAT) known as Oxycorat, which is being offered for sale with diverse information gathering capabilities.
Unique Features
The Starry Addax campaign stands out because the threat actor has built its own arsenal of tools and infrastructure to target human rights activists, rather than relying on commodity malware or commercially available spyware. The attacks are still in their early stages, but Talos warns that the supporting infrastructure and malware have been deemed mature enough to start targeting high-value individuals.
Recommendations
As a result, cybersecurity experts urge Western Sahara activists to exercise extreme caution when receiving suspicious emails or installing new apps:
- Be cautious of spear-phishing emails and do not install anything delivered as an attachment or click on links unless you are certain they are legitimate.
- Verify the authenticity of social media login pages before entering your credentials.
- Keep your devices and software up-to-date with the latest security patches.
- Use strong, unique passwords for all accounts and enable two-factor authentication whenever possible.
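One way to apply the first two recommendations to links found in an email, as an added example that is not part of the original article or of the Talos research. The allowlist, the sample URLs and the function name triage_link are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a constructed allowlist of the login domains a user relies on.
TRUSTED_LOGIN_DOMAINS = ("facebook.com", "twitter.com", "microsoftonline.com")


def triage_link(url: str) -> list[str]:
    """Return reasons a link from an email should not be trusted ([] = none found)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable-url"]
    host = (parts.hostname or "").rstrip(".").lower()
    netloc = parts.netloc.lower()
    findings = []

    if parts.scheme != "https":
        findings.append("not-https")
    # "https://brand.com@other.host/" shows the brand but connects to other.host.
    if "@" in netloc:
        findings.append("userinfo-in-url")
    # Punycode labels can render as look-alike Unicode characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")
    # A direct APK link means sideloading from outside the app store.
    if parts.path.lower().endswith(".apk"):
        findings.append("apk-download")

    # Trusted only if the host is an allowlisted domain or a subdomain of one.
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_LOGIN_DOMAINS)
    if not trusted:
        for d in TRUSTED_LOGIN_DOMAINS:
            # Brand name appears in a host that the brand does not own.
            if d.split(".")[0] in netloc:
                findings.append("impersonates:" + d)
        findings.append("host-not-allowlisted")
    return findings


if __name__ == "__main__":
    # Constructed sample links, not indicators from the campaign.
    for sample in ("https://www.facebook.com/login",
                   "https://facebook.com.account-verify.example/login",
                   "http://files.example/update/app.apk",
                   "https://twitter.com@login.example/"):
        print(sample, "->", triage_link(sample) or "no findings")
```

An empty result only means none of these checks fired; it does not prove the page is genuine.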
Conclusion
The Starry Addax campaign highlights the importance of staying vigilant against sophisticated phishing attacks. By following best practices and exercising caution when interacting with online services, individuals can significantly reduce their risk of falling victim to these types of attacks.