
Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones

The iServer phishing-as-a-service platform was used by Spanish-speaking criminals to harvest credentials and unlock stolen and lost phones.

Law enforcement agencies in Europe and Latin America on Thursday announced the takedown of iServer, a phishing-as-a-service platform enabling the unlocking of stolen and lost phones.

Dismantled as part of an international law enforcement effort named Operation Kaerb, iServer is estimated to have targeted over 1.2 million mobile phones and to have claimed over 480,000 victims.

“Investigators reported 483 000 victims worldwide, who had attempted to regain access to their phones and been phished in the process. The victims are mainly Spanish-speaking nationals from European, North American, and South American countries,” Europol announced.

The law enforcement operation, which took place between 10 and 17 September, resulted in the arrest of 17 individuals in Argentina, Chile, Colombia, Ecuador, Peru, and Spain, including an Argentinian national believed to be the platform’s administrator.

According to the investigators, the iServer administrator had been building and running phishing services since 2018 and had been running the mobile phone unlocking platform for the past five years.

iServer had over 2,000 registered, paying users, who were “charged extra costs for phishing, SMS, emails or call performing,” Europol says.

According to threat intelligence firm Group-IB, which assisted in the investigation, iServer was an automated phishing platform that specifically focused on harvesting credentials that allowed low-skilled criminals to unlock phones.

The platform allowed users to steal credentials from cloud-based mobile services and other personal information from their victims, which could be used to bypass devices’ Lost Mode function.


iServer’s owner sold access to “unlockers”, individuals who provided phone unlocking services to criminals in the possession of phones that were illegally acquired, Group-IB explains.

The phishing attacks were designed to harvest data such as IMEI, language, owner details, and other information that granted access to physical mobile devices through Lost Mode or via cloud-based mobile platforms.

Victims were sent SMS messages containing phishing links that redirected to phishing pages where they were prompted to enter their credentials and additional information, including OTP codes.

After receiving the credentials and validating them, the criminals unlocked the phones, turned off Lost Mode, and unlinked them from their previous owners.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
