Criminals used the iServer platform to unlock and fully take over stolen smartphones. But last week, police in several countries helped shut it down.
A hacking service that helped criminals unlock about 1.2 million stolen or lost smartphones has been dismantled following a police crackdown.
The “iServer” hacking platform targeted as many as 483,000 victims worldwide, according to cybersecurity firm Group-IB, which helped police take down the service.
The hacking service helped criminals fully take over a stolen or lost phone. Thieves would send phishing messages to a phone’s owner and trick them into handing over lock-screen passcodes and other sensitive credentials.
(Credit: Group-IB)
The iServer platform “automates the creation and delivery of phishing pages that imitate popular cloud-based mobile platforms,” Group-IB says. It attracted criminals who specialized in unlocking smartphones and then sold its services to thieves in possession of the stolen devices.
To pull this off, it seems the thieves would first learn the contact details of the phone’s owner through the device’s Lost Mode; iServer could then send a fake SMS or email message to the phone’s owner, pretending to be a company such as Apple. The fake phishing page could then trick the victim into handing over their phone’s passcode.
(Credit: Group-IB)
(Credit: Group-IB)
“Ultimately, criminals receive the stolen and validated credentials through the iServer web interface, enabling them to unlock a phone, turn off ‘Lost mode’ and untie it from the owner’s account,” Group-IB added.
The iServer platform dates back to 2018 and mainly attracted Spanish-speaking criminals in Europe and Latin America, according to Group-IB. But following a police investigation that began in 2022, law enforcement in six countries last week managed to dismantle the platform. This included arresting an Argentinian national who allegedly created iServer, according to Europol.
Investigators also found that more than 2,000 “unlockers” had registered to use the service. Seventeen suspects were arrested during the crackdown with 921 devices seized, most of them mobile phones.
Source : https://www.pcmag.com/news/this-phishing-service-helped-criminals-break-into-1-million-plus-stolen#:~:text=The%20%22iServer%22%20hacking%20platform%20targeted,a%20stolen%20or%20lost%20phone.