HackRead

Android malware on Play Store targeting Palestinians on Facebook

April 17th, 2018 | Waqas | Security, Malware

We have reported time and again about the widespread malware and espionage attacks taking place on Facebook. In fact, it would not be wrong to say that the social network has become a hub of nation-state spying activity. However, this is the first time that Palestinians have been targeted with Android spyware, all thanks to a fake Facebook page.

The IT security experts at Lookout identified two different campaigns where hackers used Android applications to carry out targeted surveillance across the Middle East.

In one of the campaigns, a fake female profile was found advertising a malicious application on Facebook that was capable of bypassing the security of the Google Play app marketplace. The profile was distributing an application titled Dardesh, a chat app that was available on Google’s official Play Store for Android. This fake app was removed by Google in April.

Screenshot of the fake Facebook page

The malware was hidden in this app, which was created using two types of already identified spyware called Desert Scorpion and FrozenCell. Palestinians are the main targets of this malicious app. Once installed, the app switches on the microphone and records conversations, tracks the user’s location, and steals contacts, call records, and text message information.

The apps are developed from two different families of malware, both designed for surveillance. Both malware families targeted nearly a thousand unsuspecting users, while ViperRAT was distributed using social engineering. ViperRAT uses infected devices to capture photos and record conversations. ViperRAT is incorporated into both Android apps, and the same malware was previously seen targeting members of the Israeli Defense Force.

The group responsible for creating and distributing the malware is called APT-C-23. The group is targeting users in the Middle East and Palestine. The group’s fake page was created in October 2013 and operated by someone using the handle @kalmat1990. Cybersecurity firm Lookout revealed that this page features more than 5,000 followers and likes.

It is worth noting that the spyware couldn’t infect a large number of users since, on Google Play Store, the total number of downloads only reached 500 prior to the removal of this app. However, the group has been using a notable technique to spy on targets in the Middle East and Palestine: splitting malicious functionality into multiple stages, which are downloaded one by one while the app is executing.

“The Lookout Threat Intelligence team is increasingly seeing the same tradecraft, tactics, and procedures that APT-C-23 favors being used by other actors. The approach of separating malicious functionality out into separate stages that are later downloaded during execution and not present in the initial app published to the Google Play Store, combined with social engineering delivered via social media platforms like Facebook, requires minimal investment in comparison to premium toolings like Pegasus or FinFisher,” Lookout said.
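A defender-side triage sketch for the staged approach described above, added here as an example and not taken from Lookout or the original article: it flags an app that pairs the surveillance-related permissions the article lists with framework classes used to load code at runtime. It assumes the manifest has already been decoded to plain XML and the app's type descriptors have been listed from its dex file; the sample input and the `triage` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions behind the behaviours the article lists.
SURVEILLANCE_PERMS = {
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.READ_SMS": "sms",
}
# Android framework classes that load code not shipped in the installed APK.
DYNAMIC_LOADERS = {
    "Ldalvik/system/DexClassLoader;",
    "Ldalvik/system/InMemoryDexClassLoader;",
}

def triage(manifest_xml, type_descriptors):
    """Flag apps that pair surveillance permissions with runtime code loading."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    capabilities = sorted(v for k, v in SURVEILLANCE_PERMS.items() if k in requested)
    loaders = sorted(DYNAMIC_LOADERS & set(type_descriptors))
    can_fetch = "android.permission.INTERNET" in requested
    return {
        "package": root.get("package"),
        "capabilities": capabilities,
        "loaders": loaders,
        # Heuristic for analyst review, not a verdict: legitimate apps also
        # load code dynamically (plugin frameworks, some ad SDKs).
        "needs_review": bool(loaders) and can_fetch and len(capabilities) >= 2,
    }

# Constructed sample input (hypothetical package, not taken from any real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""
SAMPLE_TYPES = ["Landroid/app/Activity;", "Ldalvik/system/DexClassLoader;"]

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_TYPES))
```

A hit only prioritises an app for manual analysis; the later stages themselves are not in the published package, so static review of the first stage cannot show what they do.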

Lookout also discovered two other chat apps, Vokachat and Chattak, that were being used for government surveillance. Both were featured on Google’s official store and downloaded over 1,000 times collectively. What’s surprising is that ViperRAT spyware was hidden in each app’s malicious code. Currently, it is not clear whether these two chat apps were used to target Israeli Defense Forces or not.

Regardless of whether the actual target is ever confirmed, what we can take from the abovementioned reports is that Facebook is a thriving hub of malicious spying activity by hackers.

Image credit: Depositphotos

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.