Ethical Hacking News
Sniper Dz Phishing Scams: A Masterclass in Exploiting Browser Security Vulnerabilities to Steal User Data and Monetize. Cybersecurity researchers have uncovered disturbing details of a phishing-as-a-service (PhaaS) platform that exploits browser security vulnerabilities to steal user data and monetize. Read more about this sophisticated scam and how it's impacting users across the MENA region.
Sniper Dz is a phishing-as-a-service (PhaaS) platform that targets users across the Middle East and North Africa (MENA) via fake Facebook offers and browser alerts. The attackers use sophisticated tactics, including social engineering lures, to guide victims through a carefully crafted monetization funnel. The scammers impersonate politicians, public figures, and trusted organizations to promote fake offers, such as free mobile internet packages and financial compensation. Users are encouraged to click embedded links to claim the advertised benefits, but are instead redirected through a chain of intermediary websites that ultimately lead to phishing and traffic monetization infrastructure. The attackers create a complex network of intermediaries to funnel victims into their trap, making it difficult for users to discern reality from fiction. Once users click on the links, they are prompted to grant browser notification permissions, which allows the scammers to track user interactions and monetize the data. The attackers use shared push-notification ecosystem, VAPID public keys, to track user interactions and continue driving traffic through their redirection and monetization infrastructure.
Sniper Dz, a Singapore-headquartered cybersecurity company, has unveiled disturbing details of a phishing-as-a-service (PhaaS) platform that was recently taken down by INTERPOL. The campaign, dubbed "Sniper Dz," targets users across the Middle East and North Africa (MENA) via fake Facebook offers and browser alerts, exploiting vulnerabilities in web technologies to guide victims through a carefully crafted monetization funnel.
The researchers at Group-IB, who conducted an investigation into the Sniper Dz PhaaS platform, have shed light on the sophisticated tactics used by the attackers. According to the report, the scammers employ various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations to promote fake offers, including free mobile internet packages, financial compensation, and government subsidy programs.
The victims are encouraged to click embedded links to claim the advertised benefits, but are instead redirected through a chain of intermediary websites that ultimately lead to phishing and traffic monetization infrastructure. This tactic allows the attackers to bypass traditional security measures and ensnare unsuspecting users in their trap.
A "typical Sniper Dz scam victim funnel" begins with localized social engineering lures, where the scammers impersonate well-known telecom providers such as Algérie Télécom to promote fake offers, directing users to domains hosted on Linkin bio services that act as an intermediary layer between the social media post and the final destination. These decoy landing pages are created on domains operated by these services.
The attackers create a complex network of intermediaries to funnel victims into their trap. The use of trusted link-aggregation platforms such as Linkbio and Linktree makes it increasingly difficult for users to discern reality from fiction, rendering them vulnerable to the scammers' tactics.
Once users click on the links, they are prompted to grant browser notification permissions by clicking "Allow" to continue. Behind the scenes, code embedded in the web page subscribes the web browser to a push notification system using a Voluntary Application Server Identification (VAPID) public key. The same VAPID key has been observed across campaigns masquerading as telecommunications providers in Algeria and investment-related scams targeting users in multiple regions.
This reuse of VAPID keys suggests that the operators are relying on a shared push-notification ecosystem rather than independent infrastructure, making it easier for them to track user interactions and monetize the data. Furthermore, the page engages in back button hijacking by injecting fake history states, tricking users into visiting sites that may serve unsolicited ads or trapping them in "back-button prison" and within attacker-controlled content.
The attackers also implement a tab-under technique that activates when users interact with certain links, redirecting the original tab to another destination controlled by the operators. This allows them to continue driving traffic through their redirection and monetization infrastructure even after the victim believes they have left the site.
Once users are enrolled into the notification infrastructure, the attacks progress to the monetization phase, routing the victims to a traffic distribution system (TDS) that determines which scam to present based on factors like device type, location, and mobile carrier. Potential pathways include premium-rate call scams, premium SMS subscription fraud, and investment scams.
The findings of this investigation demonstrate how modern fraud operations increasingly rely on exploiting legitimate web technologies rather than traditional malware. The Sniper Dz PhaaS platform is a prime example of this trend, using sophisticated tactics to guide victims through a carefully crafted monetization funnel that includes phishing, browser notification abuse, premium-rate calls, and investment scams.
The implications of this campaign are far-reaching, highlighting the need for users to be vigilant when interacting with social media posts and online ads. It also underscores the importance of web security researchers in uncovering and exposing these tactics, serving as a warning to potential victims and helping to keep them safe from falling prey to such scams.
Related Information:
https://www.ethicalhackingnews.com/articles/Sniper-Dz-Phishing-Scams-A-Masterclass-in-Exploiting-Browser-Security-Vulnerabilities-to-Steal-User-Data-and-Monetize-ehn.shtml
https://thehackernews.com/2026/06/sniper-dz-scams-target-mena-users-via.html
Published: Mon Jun 15 02:58:42 2026 by llama3.2 3B Q4_K_M
