Cyberespionage Group Targets Israeli Soldiers With Android Malware
Security experts have revealed that more than 100 soldiers from the Israel Defense Forces (IDF) have been the target of a cyberespionage group. The Israeli soldiers had their Android phones infected with surveillance malware.
Israeli Soldiers Were Targeted By Cyberespionage Group
According to Computerworld, more than 100 members of the Israeli military fell victim to a cyberespionage attack. Information from their mobile devices was stolen using malicious Android applications. The majority of the soldiers who fell victim to the campaign were stationed around the Gaza Strip.
According to researchers from antivirus firm Kaspersky Lab, the attack started in July 2016. The same source claimed that the cyberespionage campaign continues to date. The IDF Information Security Department has also cooperated in the investigation with the private company's security researchers.
How Does It Work?
The Israeli soldiers were tricked by hackers via social networks such as Facebook. The hackers posed as attractive women from various countries such as Switzerland, Germany and Canada. The victims were tricked into installing a malicious Android application that scanned their mobile phone and downloaded another malware app pretending to be an update for an already installed application.
According to Softpedia News, the app needs to be installed manually once the APK file has been downloaded from the malicious address. The app then demands various permissions, including permission to access the network state and the Internet, to write to external storage, and to delete and install packages. The dropper relies on a configuration server to determine, for each device, which payload is best to download.
The dropper also sends out a list of the apps installed on the infected mobile device. Some variants will pretend to be chat apps, while another variant will pretend to be a YouTube player, depending on what is already installed on the device. Tech experts have noticed this behavior before with other types of malware.
For instance, the Kaspersky researchers have detected a malicious app named "WhatsApp_Update." Once installed on the phone, this app allows hackers to execute scheduled or on-demand commands. These commands can be used to access the contacts list, read text messages, eavesdrop at specific times of the day, take pictures and screenshots, and record video and audio.
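The permission set attributed to the dropper above can be checked for in an app's manifest. The following is an added example, not code from the article or from the researchers; it assumes the manifest has already been decoded to text XML (for instance with apktool), maps the permissions named in the article to Android's permission constants, and uses constructed sample manifests with hypothetical package names.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# The permissions the article lists, mapped to Android's permission constants.
DROPPER_PROFILE = {P + n for n in ("ACCESS_NETWORK_STATE", "INTERNET",
                   "WRITE_EXTERNAL_STORAGE", "DELETE_PACKAGES", "INSTALL_PACKAGES")}
# Android reserves these two for system apps, so a sideloaded app requesting them stands out.
PACKAGE_MGMT = {P + "DELETE_PACKAGES", P + "INSTALL_PACKAGES"}

def assess(manifest_xml):
    """Return package name, verdict and matched permissions for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    # Permissions can be declared with either element, so read both.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    matched = perms & DROPPER_PROFILE
    if matched == DROPPER_PROFILE:
        verdict = "matches-dropper-profile"
    elif (perms & PACKAGE_MGMT) and (P + "INTERNET") in perms:
        verdict = "review"  # can manage packages and reach the network
    else:
        verdict = "no-match"
    return {"package": root.get("package"), "verdict": verdict, "matched": sorted(matched)}

def _manifest(package, names):
    # Builds a constructed sample manifest; package names here are hypothetical.
    rows = "".join('<uses-permission android:name="%s%s"/>' % (P, n) for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application/></manifest>' % (package, rows))

SAMPLE_DROPPER = _manifest("com.example.chatupdate",
                           ["ACCESS_NETWORK_STATE", "INTERNET", "WRITE_EXTERNAL_STORAGE",
                            "DELETE_PACKAGES", "INSTALL_PACKAGES"])
SAMPLE_PARTIAL = _manifest("com.example.helper", ["INTERNET", "INSTALL_PACKAGES"])
SAMPLE_BENIGN = _manifest("com.example.notes", ["INTERNET", "ACCESS_NETWORK_STATE"])

if __name__ == "__main__":
    for sample in (SAMPLE_DROPPER, SAMPLE_PARTIAL, SAMPLE_BENIGN):
        print(assess(sample))
```

A full match on permissions is a triage signal for an analyst or MDM policy, not proof of infection, since legitimate system apps can hold the same permissions.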
According to the Kaspersky researchers, this is likely only the "opening shot" of the operation. The cyberespionage campaign is probably a targeted attack against the Israel Defense Forces with the aim of gathering data on which tactics and equipment the IDF is using, how ground forces are spread, and other real-time intelligence.
This cyberattack is a clear example of how Android malware can be used to spy on enemy soldiers in warfare operations. It is also reported that a similar attack, also using malicious Android apps, has recently infected the mobile phones of Ukrainian artillery personnel taking part in the ongoing conflict affecting the Donbass region. The Ukrainian malware was created by the Russian APT28 cyberespionage group and was delivered as a trojanized version of a custom application.