Data-Stealing Malware ‘Traced To Lebanon’
AntivirusNews January 27, 2018 Euan Viveash
Researchers claim malware that exploits security bugs has been traced back to a Lebanese government building.
The malware, responsible for infecting thousands of smartphones across the world, was uncovered by campaign group the Electronic Frontier Foundation (EFF) in conjunction with security firm Lookout.
The malware mainly affected Android smartphones across some 21 countries in North America, Europe, the Middle East and Asia. In a statement, the EFF also said that “People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal.”
Does this Malware have a name?
Most worryingly, the ‘Dark Caracal’ malware, as it has been named by the EFF, appears to have emanated from a nation state, and may have shared characteristics and even allegiances with other nation-state hackers, the EFF’s report suggested.
While Dark Caracal was spread to smartphones worldwide, its main targets included military personnel, activists, politicians, journalists and lawyers.
How did they do it?
The hackers in question mostly used apps that resembled legitimate communication platforms like Signal and WhatsApp to steal thousands of gigabytes of data. The fake versions of the apps came with malware that allowed the hackers to freely eavesdrop on users’ conversations.
I bet the hackers took the security of all this data very seriously.
No, they didn’t, surprisingly… Storing all that confidential and important data seems to have been something of a secondary consideration for the hackers.
According to the EFF, storage of the stolen info also wasn’t terribly sophisticated: the hackers left it all exposed online on a completely unprotected server.
“It’s almost like thieves robbed the bank and forgot to lock the door where they stashed the money,” Mike Murray, Lookout’s head of intelligence, told the Associated Press.
“Based on the available evidence, it is likely that the GDGS is associated with or directly supporting the actors behind Dark Caracal,” reads the Dark Caracal Technical Report.
The EFF and Lookout traced devices that Dark Caracal used for testing and operations back to a building in Beirut belonging to the Lebanese General Security Directorate (GDGS), one of Lebanon’s intelligence agencies.
“One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit,” EFF Staff Technologist Cooper Quintin said in a statement. “Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware.”
Just Android affected?
Mostly. While the Dark Caracal exploit successfully made its way across Android-based systems, similar malware also attempted to infect Windows, Mac and Linux desktops. However, the hackers mainly focused their efforts on Android devices.