Security experts have revealed that more than 100 soldiers from the Israel Defense Forces (IDF) have been the target of a cyberespionage group. The Israeli soldiers had their Android phones infected with surveillance malware.
Israeli Soldiers Were Targeted By Cyberespionage Group
According to Computerworld, more than 100 members of the Israeli military fell victim to a cyberespionage attack. Information from their mobile devices was stolen by using malicious Android applications. The majority of soldiers victim of the cyberespionage campaign were stationed around the Gaza strip.
According to researchers from antivirus firm Kaspersky Lab, the attack started in July 2016. The same source claimed that the cyberespionage campaign continues to date. The IDF Information Security Department has also cooperated in the investigation with the digital security researchers from the private company.
How Does It Work?
The Israeli soldiers have been tricked by hackers via social networks such as Facebook. The hackers posed as attractive women from various countries such as Switzerland, Germany and Canada. The victims were tricked to install an Android malware application that scanned their mobile phone and downloaded another malware app pretending to be an update for an already installed application.
According to Softpedia News, the app needs to be installed manually, once the APK file was downloaded from the malicious address. The app then demands various permissions, including permission to access the network state and to access the Internet, to write to external storage, as well as to delete and install packages. The dropper relies on the configuration server, depending on each device, in order to discover which payload is best to download.
A list of installed apps on the infected mobile device is also sent out by the dropper. Some variants will pretend to be chat apps, another variant will pretend to be a YouTube layer, depending on what's already installed on the device. This behavior is something that tech experts have already noticed before with other types of malware.
For instance, the Kaspersky researchers have detected a malware named "WhatsApp_Update." This malicious app allows hackers to execute scheduled or on-demand commands once installed on the phone. These commands can be used to access the contacts list, read text messages, eavesdrop at specific times of the day, take pictures and screenshots and record video and audio.
According to the Kaspersky researchers, this is likely only the "opening shot" of the operation. The cyberespionage campaign is probably a targeted attack against the Israel Defense Forces with the aim to gather data on which tactics and equipment the IDF is using, how ground forces are spread and other real-time intelligence gathering.
This cyberattack makes a clear example of how Android malware can be used to spy on enemy soldiers in warfare operations. It is also reported that a similar attack, also using Android malicious apps, has recently infected the mobile phones of Ukrainian artillery personnel taking part in the ongoing conflict that is affecting the Donbass region. The Ukrainian malware has been created by the Russian APT28 cyberespionage group and it was delivered as a trojanized version of a custom application.
