A sub-group of the ‘Molerats’ threat-actor has been using voice-changing software to successfully trick targets into installing malware, according to a warning from Cado Security.
The Molerats hacking group, also tagged as Gaza Hackers Team, Gaza Cybergang, DustySky, Extreme Jackal, and Moonlight, has been active since at least 2012, mainly targeting entities in the Middle East, but also launching attacks against targets in Europe and the United States.
Cado Security says that APT-C-23, believed to be part of Molerats, typically uses social engineering to trick victims into installing malware, and was previously observed impersonating women in attacks that leveraged social media sites to target soldiers in the Israel Defence Forces.
In recent attacks targeting political opponents, APT-C-23 appears to have taken the spear-phishing to a new level, through the use of voice-changing software to pose as women (the group’s members that have been identified so far are all men).
“APT-C-23 has been observed impersonating women to engage victims in conversations. As the conversations continue, the group sends video laden with malware to infect the target’s system,” Cado Security said.
While analyzing a publicly exposed server pertaining to the hacking group, Cado Security researchers identified an archive containing photos from the Instagram account of a female model, along with the installation for the voice changing application Morph Vox Pro.
“Given the context of both previous APT-C-23 attacks and the other contents of the folder, we think the most likely explanation for MorphVox being part of their toolset is that it was used to produce audio messages in a female voice to encourage targets to install their malware,” the company said.
On the same server, the researchers identified various tools employed by the attacks, such as the application used to bulk-send phishing emails, another to hack Voice over IP systems, one with example commands to find vulnerable routers, and a folder containing a Microsoft credential phishing page.
Related: Backdoors Used by Hamas-Linked APT Abuse Facebook, Dropbox
Related: New Backdoor Attacks Leverage Political Turmoil in Middle East
More from Ionut Arghire
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
- Chrome 111 Update Patches High-Severity Vulnerabilities
- BreachForums Shut Down Over Law Enforcement Takeover Concerns
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
Latest News
- Backslash Snags $8M Seed Financing for AppSec Tech
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- Chrome 111 Update Patches High-Severity Vulnerabilities
- BreachForums Shut Down Over Law Enforcement Takeover Concerns
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Malware Trends: What’s Old Is Still New
- Burnout in Cybersecurity – Can It Be Prevented?
