The EFF is warning activists in Syria to use caution when downloading documents via Skype, after a new attack blends social engineering with a malicious PDF to install a Trojan on the victim’s computer. This latest attack is just another example of such schemes, the EFF said, which started earlier this year.
According to the EFF’s blog post on the matter, Syrian activists are contacted via Skype, and encouraged to download a PDF file that purports to contain plans of assistance for the city of Aleppo.
“…opposition protest has been growing steadily since a raid on Aleppo University dormitories resulted in the deaths of four students and a temporary shutdown of the state-run school earlier this month,” the post explains.
“Like many of the attacks we have reported on, this one installs a Trojan called DarkComet RAT, a remote administration tool that allows an attacker to capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, steal passwords, and more…”
The hijacked data is then passed along to a block of Syrian IP addresses, which are the same addresses reported in previous attack by the EFF, as well as Trend Micro and Symantec.
Last week, SecurityWeek reported on the compromised version of Simurgh, a privacy tool used in Iran and Syria to bypass censorship and governmental monitoring. The compromised version is a repackaged version of the original, and has been offered on P2P networks and via web searches.
In April, there were wide reports of Syrian activists being targeted by Phishing attacks designed to compromise social networking accounts, including Facebook and YouTube. The same Trojan being used in this more recent attack was also circulated in a separate attack earlier in May; it too targeted Syrian activists.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
