850 Records Exposed: The Iran WhatsApp Phishing Campaign 2026 Deep Dive
A sophisticated Iran WhatsApp phishing campaign has exposed 850 records of activists and officials. Learn how hackers used QR codes and DuckDNS to bypass security.
A single tap was all it took to turn a smartphone into a pocket-sized spy. A sophisticated hacking operation targeting Iranian activists and Middle Eastern officials has been unmasked. According to TechCrunch, an investigation into a phishing link shared by activist Nariman Gharib revealed that over 850 records of victim data were left exposed on an unprotected server.
Tactics of the Iran WhatsApp Phishing Campaign 2026
The attackers utilized WhatsApp messages to lure targets into fake virtual meeting rooms. By leveraging dynamic DNS providers like DuckDNS, they masked their malicious infrastructure. The most alarming tactic involved a QR code lure that, once scanned, granted hackers full access to the victim's messaging history via device-linking features.
- Credential Theft: Fake Gmail login pages captured 2FA codes in real-time.
- Surveillance: The site requested browser permissions to track GPS coordinates.
- AV Capture: The code was designed to snap photos every 3-5 seconds.
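A defender-side triage of links pulled from messages or proxy logs, flagging hosts under the dynamic DNS provider named above. This is an added example, not code from the investigation; the keyword list, function names and sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: only duckdns.org is named in the article; extend this set
# from your own threat intelligence.
DYNAMIC_DNS_SUFFIXES = {"duckdns.org"}
# Assumption: keywords for the lure themes described (meeting rooms, Gmail login).
LURE_KEYWORDS = ("meet", "room", "login", "gmail", "account", "verify")

# Constructed sample input, not real indicators.
SAMPLE_URLS = [
    "https://meet-room-placeholder.duckdns.org/join?id=1",
    "https://www.example.com/meeting",
    "placeholder-host.duckdns.org",
    "https://duckdns.org/",                      # provider's own site
    "https://notduckdns.org.example.net/login",  # look-alike, different zone
]

def host_of(url):
    """Return the lowercase hostname, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. broken IPv6 brackets
        return ""
    return host.rstrip(".").lower()

def triage(url):
    """Return (score, reasons) for one URL; score 0 means not flagged."""
    host, reasons = host_of(url), []
    for suffix in DYNAMIC_DNS_SUFFIXES:
        # Match on a label boundary so look-alike zones are not flagged.
        if host.endswith("." + suffix):
            reasons.append("dynamic-dns:" + suffix)
            label = host[: -len(suffix) - 1]
            hits = [k for k in LURE_KEYWORDS if k in label]
            if hits:
                reasons.append("lure-keyword:" + ",".join(hits))
    return len(reasons), reasons

def flag_urls(urls):
    """Return (score, reasons, url) for flagged URLs, highest score first."""
    flagged = [(*triage(u), u) for u in urls]
    return sorted((f for f in flagged if f[0] > 0), key=lambda f: -f[0])

if __name__ == "__main__":
    for score, reasons, url in flag_urls(SAMPLE_URLS):
        print(score, url, reasons)
```

A dynamic DNS hit on its own is a reason to look closer, not a verdict, since these services also host legitimate personal sites.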
High-Value Targets and IRGC Links
The list of confirmed victims includes an Israeli drone maker CEO, a Lebanese cabinet minister, and various academics. Security researcher Gary Miller noted that the attack bears the hallmarks of an IRGC-linked campaign, suggesting a state-sponsored espionage motive rather than simple cybercrime.
This content is AI-generated based on source articles. While we strive for accuracy, errors may occur. We recommend verifying with the original source.