A mobile-aware phishing campaign targeting non-governmental organizations around the world, including a variety of United Nations humanitarian organizations, such as UNICEF, has been detected.
According to Lookout, law enforcement and the targeted organizations have been contacted, but as of the publication of the blog, the attack is still ongoing. The infrastructure connected to this attack has been live since March 2019, says the blog. Two domains have been hosting phishing content:
"The associated IP network block and ASN (Autonomous System Number) is understood by Lookout to be of low reputation and is known to have hosted malware in the past," notes the blog.
Lookout has also "collected evidence of key logging functionality embedded in the password field of the phishing login pages, such that, if a target doesn’t complete the login activity by pressing the login button or if they enter another, unintended password, this information is still sent back to the command and control infrastructure operated by the malicious actor," notes the blog.
For more information, visit the Lookout blog.