
State-Sponsored Malware Campaign Hits Users Across 21 Countries

January 19th, 2018 | By Waqas | Android, Malware, Security, Surveillance

Spyware and malware campaigns are currently on the rise. A joint investigation by cybersecurity company Lookout Security and the civil rights group Electronic Frontier Foundation (EFF) has uncovered a new spyware campaign operated from Lebanon.

According to the research report from Lookout Security, the campaign was launched by a new group referred to as Dark Caracal, which is associated with attacks on not tens or hundreds but thousands of victims across 21 countries.

The range of targets is also extremely broad, while the building from which this campaign is operated is situated in Beirut and owned by the Lebanese General Directorate of General Security (GDGS). GDGS has a reputation for gathering intelligence for the purpose of national security as well as launching offensive cyber-espionage campaigns.

Researchers say this campaign differs from previous spyware operations because it has paved the way for the trend of ‘spyware for hire.’ The campaign has been active for the past 6 years; it involves the theft of text messages, documents from journalists, call logs, WhatsApp messages, geolocation information, browsing history and audio recordings, and it targets corporations, military personnel and similar entities of a sensitive nature. Its key targets include smartphones across the Middle East, North Africa, North America and Europe.

The details shared by researchers show types of content Dark Caracal exfiltrated from victims on both Android and Windows.

The research team assessed test devices, which included a set of phones configured primarily to road-test Dark Caracal, and identified that these were linked to a WiFi network that was hosted from a website of Lebanon’s security headquarters. The hacking campaign was identified after Lebanese spies published a gigabyte of stolen data on the internet.

According to Mike Murray, Lookout Security’s intelligence head, this was as if thieves had robbed a bank and left the door where the money was stored unlocked. When researchers analyzed the stolen data, they were able to identify that military and government personnel, education professionals, medical practitioners and people from the academic fraternity across Pakistan, Germany, Italy, Russia, Syria, the United States and South Korea were among the key targets of the hackers. It is worth noting that British officials have not been impacted by this campaign so far.

List of countries from where users were targeted (Lookout)

To make their targeted campaign successful, the spies employed a network of fake websites and malicious smartphone applications disguised as Telegram and WhatsApp in order to steal credentials such as passwords and to spy on conversations. So far, the spies have managed to capture around 486,000 text messages.

Dark Caracal trojanized Android apps (Lookout)

Moreover, the hackers targeted victims through WhatsApp messages and Facebook groups, through which malicious software was sent to targeted computers. Once downloaded, the malware captured smartphone data and transferred the information back to servers hosted by GDGS.

Apart from using Android malware, including fake versions of messaging apps like Signal, the group also uses the notorious surveillance tool FinFisher. The malware is also capable of stealing two-factor authentication codes and accessing the front and back cameras of the phone along with the microphone.

“One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware. This research shows it’s not difficult to create a strategy allowing people and governments to spy on targets around the world,” said EFF Staff Technologist Cooper Quintin.

Source: Lookout / Via: EFF / Report in PDF is available here / Image credit: DepositPhotos/Kentoh

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
