Europol Shuts Down Major Phishing Scheme Exposing iServer PhaaS Platform and Global Cybercrime Operations
In a significant blow to international cybercrime, Europol has dismantled a large-scale phishing operation targeting mobile phone credentials. The takedown of the phishing-as-a-service (PhaaS) platform, known as iServer, marks a turning point in the fight against phishing schemes that exploit stolen and lost mobile devices. Law enforcement agencies from multiple countries participated in the operation, dubbed Operation Kaerb, leading to the arrest of 17 individuals and the seizure of hundreds of items, including mobile devices, vehicles, and weapons.
iServer’s Phishing-as-a-Service Targeting Mobile Phone Credentials
iServer, an automated phishing platform, stood out from other PhaaS services by specializing in unlocking stolen or lost mobile phones. Criminals using the platform, often referred to as “unlockers,” targeted user credentials from cloud-based mobile platforms, enabling them to bypass security features like Lost Mode and gain control of devices. By impersonating trusted mobile services, they deceived victims into handing over sensitive information such as passwords and two-factor authentication (2FA) codes.
This phishing platform primarily targeted Spanish-speaking users across Europe, North America, and South America, with Chile, Colombia, Ecuador, and Peru reporting the highest number of victims. In total, iServer claimed more than 483,000 victims worldwide.
Operation Kaerb: Global Effort to Take Down iServer
The coordinated effort, led by law enforcement agencies from Spain, Argentina, Chile, Colombia, Ecuador, and Peru, culminated in the arrest of the Argentinian national responsible for developing and operating iServer since 2018. Over the course of the operation, 17 arrests were made, 28 searches were conducted, and 921 items, including mobile devices and electronic equipment, were confiscated.
In total, more than 1.2 million mobile phones are believed to have been unlocked through the phishing platform. The scheme not only helped criminals gain unauthorized access to stolen phones but also facilitated the illegal sale of these services to third-party buyers, including phone thieves.
How the Phishing Scheme Worked
iServer employed sophisticated techniques to trick victims into revealing their device credentials. Criminals would send fraudulent SMS messages to victims, urging them to click a link to locate their lost phone. The link led them through a series of redirects, ultimately landing on a fake login page that mirrored popular cloud-based platforms. Victims were asked to input their credentials, device passcodes, and 2FA codes, which attackers then used to unlock the phones and unlink them from their rightful owners.
According to Singapore-based cybersecurity firm Group-IB, iServer’s automation of phishing page creation and delivery set it apart from traditional phishing platforms. By automating these processes, iServer empowered low-skilled criminals to execute sophisticated phishing attacks with minimal effort.
Ghost Platform Also Dismantled in Global Action
In a related development, Europol and the Australian Federal Police (AFP) dismantled another criminal network that operated an encrypted communications platform known as Ghost. Similar to services like EncroChat and Sky ECC, Ghost allowed criminal organizations to conduct illegal activities such as drug trafficking, money laundering, and violence while evading detection.
Ghost, accessible through custom Android smartphones, offered users features such as encrypted messaging and self-destructing messages. The platform became a hub for organized crime, with thousands of users exchanging over 1,000 messages daily. As part of Operation Kraken, 51 arrests were made, including 38 in Australia, with key figures linked to criminal syndicates taken into custody.
Europol’s Ongoing Fight Against Cybercrime
The takedown of iServer and the Ghost platform underscores Europol’s commitment to dismantling cybercrime networks that leverage digital tools to exploit victims. As these operations show, phishing-as-a-service and encrypted communication platforms have become integral tools for cybercriminals, making coordinated global law enforcement efforts crucial to curbing their spread.
With cybercriminals constantly evolving their tactics, including turning to lesser-known platforms, it’s essential for law enforcement and private companies to stay ahead of the curve. Cooperation between nations, combined with technological advancements in law enforcement, will continue to play a key role in the ongoing fight against cybercrime.
For individuals, the best line of defense remains vigilance. Being cautious about unsolicited messages, verifying links before clicking, and utilizing two-factor authentication can help protect personal data and mobile devices from falling into the wrong hands.