Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Booby-Trapped Messaging Apps Used for Spying: Researchers

An espionage campaign using malware-infected messaging apps has been stealing smartphone data from activists, soldiers, lawyers, journalists and others in more than 20 countries, researchers said in a report Thursday.

An espionage campaign using malware-infected messaging apps has been stealing smartphone data from activists, soldiers, lawyers, journalists and others in more than 20 countries, researchers said in a report Thursday.

A report authored by digital rights group Electronic Frontier Foundation and mobile security firm Lookout detailed discovery of “a prolific actor” with nation-state capabilities “exploiting targets globally across multiple platforms.”

Desktop computers were also targeted, but getting into data-rich mobile devices was a primary objective, according to the report.

With fake versions of secure messaging services like WhatsApp and Signal, the scheme has enabled attackers to take pictures, capture audio, pinpoint locations, and mine handsets for private data.

EFF and Lookout researchers dubbed the threat “Dark Caracal.”

People in the US, Canada, Germany, Lebanon, and France have been hit by Dark Caracal, according to EFF director of cybersecurity Eva Galperin.

“This is a very large, global campaign, focused on mobile devices,” Galperin said.

Advertisement. Scroll to continue reading.

“Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life.”

Hundreds of gigabytes of data have been taken from thousands of victims in more than 21 countries, according to Lookout and the EFF.

There were indications that Dark Caracal might be an infrastructure hosting a number of widespread, global cyberespionage campaigns, some of which date back years, the report said.

Because the apps fool people into thinking they are legitimate, users give them access to cameras, microphones and data.

“All Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF staff technologist Cooper Quintin.

“This research shows it’s not difficult to create a strategy allowing people and governments spy to on targets around the world.”

Researchers reported that they tracked Dark Caracal to a building in Beirut belonging to the Lebanese General Security Directorate.

Analysis showed that devices of military personnel, businesses, journalists, lawyers, educators, and medical professionals have been compromised, according to the report.

“Not only was Dark Caracal able to cast its net wide, it was also able to gain deep insight into each of the victim’s lives,” the report concluded.

Cyber security professionals consistently warn people to be wary when downloading software, avoiding programs shared through links or email and instead relying on trusted sources.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.