The OilAlpha cyberespionage campaign targets Arab countries

June 2, 2023

Researchers discovered a new cyberespionage group, called OilAlpha, that has been targeting various entities in the Arabian Peninsula. According to reports, the group has primarily gone after humanitarian institutions, media outlets, and NGOs.

Analysts suspect that the current operation has ties to Yemen's Houthi movement.

The operation uses WhatsApp to reach and infect the entities mentioned above, posing a serious threat to their digital security.


The OilAlpha operation exploits vulnerable smartphones belonging to users in the Arabian Peninsula.


According to investigations, the OilAlpha group focuses on vulnerable Android phones, which most users in the region own.

The espionage campaign targets journalists and political representatives taking part in the Yemen civil war negotiations by sending malicious Android application files through WhatsApp.

The group has also adopted remote access tools such as SpyMax and SpyNote to install spyware. These tools give the actors unauthorised access to SMS data, call logs, network details, contact information, audio capture, GPS location data, and the camera.

Furthermore, the group engaged in app spoofing, impersonating well-known humanitarian organisations such as the Red Crescent Society and the Norwegian Refugee Council. These entities are actively involved in Yemen's disaster response and humanitarian operations.

The OilAlpha campaign is one of many malicious operations that exploit Android devices. Recently, the FluHorse Android malware disguised itself as a legitimate app and had already garnered millions of downloads. That malware could steal personal data, such as usernames, passwords, and two-factor authentication codes, through phishing attacks.

Last month, another attack emerged, targeting Android mobile devices in India with malware delivered through well-known messaging applications such as WhatsApp. Researchers linked that malware to a known APT group notorious for targeting the South Asian region, especially India.

Cybersecurity experts expect OilAlpha to keep leveraging malicious Android apps against entities involved in Yemen's political and security developments unless significant new information emerges or a substantial geostrategic shift occurs. Until then, humanitarian and NGO entities will continue to bear the brunt of these attacks.

Therefore, researchers recommend that these organisations implement robust security policies, deploy anti-phishing solutions, and run social engineering awareness drills to strengthen their defences. Lastly, the targeted entities should enforce strong passwords and enable MFA to mitigate such threats.
