Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Trojan Targeting Syrian Activists Spreading via Skype

The EFF is warning activists in Syria to use caution when downloading documents via Skype, after a new attack blends social engineering with a malicious PDF to install a Trojan on the victim’s computer. This latest attack is just another example of such schemes, the EFF said, which started earlier this year.

According to the EFF’s blog post on the matter, Syrian activists are contacted via Skype, and encouraged to download a PDF file that purports to contain plans of assistance for the city of Aleppo.

The EFF is warning activists in Syria to use caution when downloading documents via Skype, after a new attack blends social engineering with a malicious PDF to install a Trojan on the victim’s computer. This latest attack is just another example of such schemes, the EFF said, which started earlier this year.

According to the EFF’s blog post on the matter, Syrian activists are contacted via Skype, and encouraged to download a PDF file that purports to contain plans of assistance for the city of Aleppo.

“…opposition protest has been growing steadily since a raid on Aleppo University dormitories resulted in the deaths of four students and a temporary shutdown of the state-run school earlier this month,” the post explains.

“Like many of the attacks we have reported on, this one installs a Trojan called DarkComet RAT, a remote administration tool that allows an attacker to capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, steal passwords, and more…”

The hijacked data is then passed along to a block of Syrian IP addresses, which are the same addresses reported in previous attack by the EFF, as well as Trend Micro and Symantec.

Last week, SecurityWeek reported on the compromised version of Simurgh, a privacy tool used in Iran and Syria to bypass censorship and governmental monitoring. The compromised version is a repackaged version of the original, and has been offered on P2P networks and via web searches.

In April, there were wide reports of Syrian activists being targeted by Phishing attacks designed to compromise social networking accounts, including Facebook and YouTube. The same Trojan being used in this more recent attack was also circulated in a separate attack earlier in May; it too targeted Syrian activists.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Fastly announced that Scott Lovett will join the company as Chief Revenue Officer, effective June 3, 2024.

Digital transformation consulting firm Synechron has hired Aaron Momin as CISO.

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

More People On The Move

Expert Insights