Hacking group named Dark Caracal targets Android smartphones
A group named
Dark Caracal used Android spyware to steal hundreds of pieces of sensitive data from more
than 22 countries.
Spyware
traced to a building belonging to Lebanese intelligence has managed to steal
data from thousands of people in more than 22 countries via numerous campaigns
that started back in 2013. The types of stolen data included audio recordings,
text messages, call records, documents, photos, contact information and
enterprise intellectual property.
The attackers,
who have nation-state level advanced persistent threat (APT) capabilities, were
dubbed Dark Caracal by the Electronic Frontier Foundation (EFF) and mobile
security firm Lookout. The group has targeted governments, military, financial
institutions and defense contractors. Although there was an implant component for
infected Windows, Mac and Linux desktops, the campaigns were primarily aimed at
infecting Android devices through fake versions of secure messaging apps such as WhatsApp.
The attackers
sent spear phishing emails to people who are normally interesting to APT
groups. The investigation led to data associated with military personnel,
enterprises, medical professionals, activists, journalists, lawyers and
education institutions. In some cases, instead of luring victims to a malicious
site, the attackers had physical access to people’s phones to install the apps.
“One of the
interesting things about this ongoing attack is that it doesn’t require a
sophisticated or expensive exploit. Instead, all Dark Caracal needed was
application permissions that users themselves granted when they downloaded the
apps, not realizing that they contained malware,” said EFF Staff Technologist
Cooper Quintin in a press release. “This research shows it’s not difficult to
create a strategy allowing people and governments to spy on targets around the
world.”
After the
initial press release resulted in some confusion, the EFF had to clarify that
neither Signal nor WhatsApp were compromised. The infections were a result of
trojanized versions of the Android apps that were downloaded from a fake
version of an app store.
If you
downloaded your apps from Google Play, “then you are almost certainly in the
clear.” Put another way, “if you downloaded your apps from the official app
store, you can rest easy that this has likely not affected you.”
In a
statement on the Lookout blog, the Google Android Security Team added, “Google
has identified the apps associated with this actor; none of the apps were on
the Google Play Store.”
Android
smartphones across the world have been infected, spanning over 22 countries in
North America, Europe, the Middle East and Asia. The EFF notes, “People in the
U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal.”