HackRead
State-Sponsored Malware Campaign Hits Users Across 21 Countries

January 19th, 2018, by Waqas. Filed under: Surveillance, Android, Malware, Security

Spyware and malware campaigns are currently on the rise. A joint investigation by cybersecurity company Lookout Security and the civil rights group Electronic Frontier Foundation (EFF) has uncovered a new string of spyware campaigns operated from Lebanon.

According to the research report from Lookout Security, the campaign has been launched by a new group referred to as Dark Caracal, which is associated with attacks on not tens or hundreds but thousands of victims across 21 countries.

The range of targets is extremely broad. The building from which the campaign is operated is situated in Beirut and owned by the Lebanese General Directorate of General Security (GDGS). GDGS has a reputation for gathering intelligence for the purpose of national security as well as launching offensive cyber-espionage campaigns.

Researchers say in their report (PDF) that this campaign differs from previous spyware operations because it has paved the way for the trend of ‘spyware for hire.’ The campaign has been active for the past 6 years; it involves the theft of text messages, documents from journalists, call logs, WhatsApp messages, geolocation information, browsing history and audio recordings, and it targets corporations, military personnel and similar entities of a sensitive nature. Its key targets include smartphones across the Middle East, North Africa, North America and Europe.

The details shared by researchers show types of content Dark Caracal exfiltrated from victims on both Android and Windows.

The research team assessed test devices, which included a set of phones configured primarily to road-test Dark Caracal, and identified that these were linked to a WiFi network that was hosted from a website of Lebanon’s security headquarters. The hacking campaign was identified after Lebanese spies published a gigabyte of stolen data on the internet.

According to Mike Murray, Lookout Security’s intelligence head, it was as if thieves had robbed a bank and left the door to where the money was stored unlocked. When researchers analyzed the stolen data, they were able to identify that military and government personnel, education professionals, medical practitioners and people from the academic fraternity across Pakistan, Germany, Italy, Russia, Syria, the United States and South Korea were among the key targets of the hackers. It is worth noting that British officials have not been impacted by this campaign so far.

List of countries from where users were targeted (Lookout)

To make their targeted campaign successful, the spies employed a network of fake websites and malicious smartphone applications disguised as Telegram and WhatsApp in order to steal credentials such as passwords from users and to spy on conversations. So far, the spies have managed to capture around 486,000 text messages.

Dark Caracal trojanized Android apps (Lookout)

Moreover, the hackers targeted victims through WhatsApp messages and Facebook groups, from which malicious software was sent to targeted computers. Once downloaded, the malware captured smartphone data and transferred the information back to the servers hosted by GDGS.

Apart from using Android malware, including fake versions of messaging apps like Signal, the group also uses the notorious surveillance tool FinFisher. The malware is also capable of stealing two-factor authentication codes and accessing the front and back cameras of the phone along with the microphone.

“One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware. This research shows it’s not difficult to create a strategy allowing people and governments to spy on targets around the world,” said EFF Staff Technologist Cooper Quintin.

Source: Lookout / Via: EFF / Report in PDF is available here / Image credit: DepositPhotos/Kentoh
