Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

Cybersecurity researchers have identified a new scam campaign, dubbed "Sniper Dz," that is targeting users in the Middle East and North Africa (MENA) region. The campaign utilizes a network of compromised Facebook accounts, which impersonate politicians, public figures, and well-known organizations to spread malicious content. These fraudulent accounts promote fake offers, such as free mobile internet packages, financial compensation, and government subsidy programs, designed to lure unsuspecting users. Once a user interacts with these deceptive posts, they are often redirected to phishing websites or prompted to download malware. The primary objective of the Sniper Dz campaign is to steal personal information, including login credentials and financial data, or to install spyware on the victim's device. Researchers at Group-IB, who detailed the operation, observed that the scam also leverages browser alerts to further trick users into believing their devices are infected, pushing them to download fake antivirus software. This dual approach of social engineering via fake offers and technical manipulation through browser alerts makes the campaign particularly insidious. The campaign's reach is significant, with reports indicating a wide geographical spread within the MENA region, exploiting trust in familiar online personas and urgent-sounding notifications.