Sniper Dz Scams Target MENA Users with Sophisticated Fraudulent Facebook Schemes and Browser Notification Exploits

Recent investigations have uncovered a complex fraudulent scheme aimed at users in the Middle East and North Africa (MENA). Cybersecurity experts have identified a network of counterfeit Facebook accounts impersonating politicians, public figures, and reputable organizations to deceive victims into scams. This troubling trend underscores the evolving tactics employed by cybercriminals to exploit unsuspecting individuals.

The Mechanics of the Scam

Analysts from Group-IB report that these fraudulent accounts promoted enticing offers, including free mobile internet packages, financial compensation, and government subsidy programs. Victims were lured into clicking embedded links to claim these benefits. However, instead of receiving the promised rewards, they were redirected through a series of intermediary websites that ultimately led to phishing schemes and traffic monetization infrastructures.

This operation is associated with Sniper Dz, a phishing-as-a-service (PhaaS) platform dismantled during a recent INTERPOL-led operation. The platform not only facilitated credential theft but also generated illicit revenue through browser notification abuse, premium SMS subscriptions, and investment scams.

Social Engineering Tactics

The victim funnel employed by Sniper Dz begins with localized social engineering tactics. Scammers impersonate well-known telecom providers, such as Algérie Télécom, to promote fake offers. This strategy directs users to domains hosted on link-aggregation services, which act as intermediaries between social media posts and the final malicious destinations.

Rather than directing users straight to harmful websites, the campaign initially routes them through trusted platforms like Linkbio and Linktree. Group-IB researchers noted that attackers create decoy landing pages on these domains, enhancing the legitimacy of the scams.

Browser Notification Abuse

The final stage of the attack involves tricking victims into granting browser notification permissions. Users are prompted to click “Allow” to continue, which subscribes their web browsers to a push notification system using a Voluntary Application Server Identification (VAPID) public key. This technique enables attackers to send unsolicited notifications and further ensnare users in the scam ecosystem.

Group-IB has observed the same VAPID key being reused across various campaigns masquerading as telecommunications providers and investment-related scams. This reuse indicates a shared push-notification ecosystem, suggesting that the operators leverage interconnected infrastructures rather than independent systems.
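
The key reuse described above can be checked for across a set of captured landing pages. The following is an added example, not code from Group-IB or from the campaign: it pulls VAPID public keys out of page source and groups hosts that subscribe with the same key. The host names, page snippets and keys are constructed sample data, and `fakeKey` is a hypothetical helper that only produces correctly shaped keys.

```javascript
// A VAPID public key is an uncompressed P-256 point: 65 bytes starting with
// 0x04, which is 87 characters of unpadded base64url.
const KEY_RE = /(?<![A-Za-z0-9_-])[A-Za-z0-9_-]{87}(?![A-Za-z0-9_-])/g;

function isVapidPublicKey(candidate) {
  const b64 = candidate.replace(/-/g, '+').replace(/_/g, '/');
  const raw = Buffer.from(b64, 'base64');
  return raw.length === 65 && raw[0] === 0x04;
}

// Return the distinct, structurally valid keys found in one page's HTML/JS.
function extractVapidKeys(source) {
  const found = new Set();
  for (const m of source.matchAll(KEY_RE)) {
    if (isVapidPublicKey(m[0])) found.add(m[0]);
  }
  return [...found];
}

// Group hosts by key and keep only keys seen on more than one host.
function clusterByVapidKey(captures) {
  const byKey = new Map();
  for (const { host, source } of captures) {
    for (const key of extractVapidKeys(source)) {
      if (!byKey.has(key)) byKey.set(key, new Set());
      byKey.get(key).add(host);
    }
  }
  return [...byKey]
    .map(([key, hosts]) => ({ key, hosts: [...hosts].sort() }))
    .filter((cluster) => cluster.hosts.length > 1);
}

// Constructed sample data: keys are shaped like VAPID keys but are not real.
const fakeKey = (fill) =>
  Buffer.concat([Buffer.from([0x04]), Buffer.alloc(64, fill)])
    .toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const KEY_A = fakeKey(0x11);
const KEY_B = fakeKey(0x22);
const SAMPLE_CAPTURES = [
  { host: 'free-data.example',
    source: `reg.pushManager.subscribe({userVisibleOnly:true, applicationServerKey: toBytes("${KEY_A}")})` },
  { host: 'invest-bonus.example',
    source: `const k='${KEY_A}'; sw.pushManager.subscribe({applicationServerKey:k})` },
  { host: 'news-site.example',
    source: `pushManager.subscribe({applicationServerKey:"${KEY_B}"})` },
];

console.log(JSON.stringify(clusterByVapidKey(SAMPLE_CAPTURES), null, 2));
```

A key shared by hosts with unrelated lures is a pivot for linking them to one push-notification backend; a key seen on a single host is not reported.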

Advanced Manipulation Techniques

The fraudulent pages employ several advanced techniques to manipulate user behavior. One tactic is back button hijacking, where the page injects multiple fake history states. This strategy tricks users into visiting other sites that may serve unsolicited ads or trap them in a “back-button prison,” inflating ad impressions and promoting scams.

Additionally, the pages implement a tab-under technique. When users interact with specific links, a delayed script silently redirects the original tab to another destination controlled by the scammers. This approach allows the campaign to continue driving traffic through its redirection and monetization infrastructure, even after victims believe they have left the site.
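
The history-state injection described in this section can be flagged from an instrumented crawler or analysis sandbox. The following is an added example, not code from the original report: it wraps `pushState` on a history object and counts entries pushed without a user gesture. The `isUserActive` callback, the threshold of 2, the fake history object and the two simulated page behaviours are assumptions made for illustration.

```javascript
// Wrap pushState so every call is recorded along with whether a user gesture
// was in progress. In a real browser, isUserActive could read
// navigator.userActivation.isActive where that API is available.
function watchHistory(historyObj, isUserActive, threshold = 2) {
  const events = [];
  const original = historyObj.pushState;
  historyObj.pushState = function (state, title, url) {
    events.push({ url: String(url ?? ''), gesture: Boolean(isUserActive()) });
    return original.apply(this, arguments);
  };
  return {
    events,
    verdict() {
      const silent = events.filter((e) => !e.gesture);
      return { silentPushes: silent.length, suspicious: silent.length >= threshold };
    },
    restore() { historyObj.pushState = original; },
  };
}

// Constructed stand-in for window.history, so the check runs outside a browser.
function makeFakeHistory() {
  const stack = ['/landing'];
  return { stack, pushState(_state, _title, url) { stack.push(url); } };
}

// Run one simulated page against a watched history and return the verdict.
function simulate(pageBehaviour) {
  const history = makeFakeHistory();
  let active = false;
  const watch = watchHistory(history, () => active);
  pageBehaviour(history, (value) => { active = value; });
  watch.restore();
  return { ...watch.verdict(), depth: history.stack.length };
}

// Constructed behaviours: several entries pushed on load with no gesture,
// versus a single-page app pushing one entry in response to a click.
const injectsOnLoad = (h) => { for (let i = 0; i < 3; i++) h.pushState({}, '', '#s' + i); };
const navigatesOnClick = (h, setActive) => {
  setActive(true); h.pushState({}, '', '/products'); setActive(false);
};

console.log(simulate(injectsOnLoad), simulate(navigatesOnClick));
```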

Monetization and Targeting

Once users are integrated into the notification infrastructure, the attacks progress to the monetization phase. Victims are routed to a traffic distribution system (TDS) that determines which scams to present based on various factors, including device type, location, and mobile carrier. Potential scams include premium-rate call fraud, premium SMS subscription scams, and investment schemes.

This campaign highlights a significant shift in modern fraud operations, which increasingly rely on the exploitation of legitimate web technologies rather than traditional malware. Instead of infecting devices, operators exploit trusted platforms, browser features, and social engineering techniques to guide victims through a meticulously designed monetization funnel.

The implications of these findings reveal the intricate methods employed by cybercriminals to exploit vulnerabilities in user behavior and trusted systems. As these tactics become more sophisticated, the need for heightened awareness and robust cybersecurity measures becomes increasingly critical.

As reported by cyberwarriorsmiddleeast.com, the recent dismantling of Sniper Dz emphasizes the urgent need for vigilance against such evolving cyber threats.

Published on 2026-06-15 13:34:00 • By FAME Delivered News Desk
