Malware, which helps attack any piece of software to gain access to private information of users, is spreading on wings rapidly, especially on mobile devices that run Android operating system (OS). What is more worrying is the latest round of attack by malwares is allegedly sponsored by the State. In January 2018, EFF (formerly the Engineering Employers' Federation, UK) and Lookout reported a new spyware that is allegedly operating from Lebanon. The spyware named Dark Caracal primarily targets mobile devices which are compromised due to use of fake secure messaging clients like Signal and WhatsApp. Lookout, an anti-virus and security solutions-provider, says, “Dark Caracal has operated a series of multi-platform campaigns starting from at least January 2012, according to our research. The campaigns span across over 21 countries and thousands of victims. Types of data stolen include documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data. We believe this actor is operating their campaigns from a building belonging to the Lebanese General Security Directorate (GDGS) in Beirut.”
“Dark Caracal is using the same infrastructure as was previously seen in the Operation Manul campaign, which targeted journalists, lawyers, and dissidents critical of the government of Kazakhstan,” the report from Lookout says.
Kaspersky Lab has also reported a new Android spyware with several features previously unseen in the wild. “...the implant’s functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via accessibility services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals,” the anti-virus-maker says in its blog.
This spyware named Skygofree, by Kaspersky, affects Windows PC as well. Skygofree mimics many landing pages of sites of mobile operators for spreading the implant. Creation of such landing pages are used for exploitation through redirection or man-in-the-middle attacks.
It says, “Given the many artefacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam.”
In 2017, according to the Kaspersky report, almost half (12) of the top 30 most popular Android Trojans were rooting ones. This is down from 2016 (22), but shows vulnerability in the Android system. In 2017, Ztorg Trojan, for example, was able to steal money through clickjacking attacks on WAP-billing sites. Other malware was sending premium rate SMSs, delete all incoming SMS and silently stealing money from the user’s mobile account.
All this points out to the fact that malware and spyware are evolving rapidly and becoming more sophisticated day by day. What is happening in the cyber world is that hackers are not only stealing piece of codes from State agencies, like the US National Security Agency (NSA), but they are now openly dumping such codes in the darknet for criminals to use. This means we, as users, and security-providers need to be a step ahead, a very difficult task, indeed.
So what we can do to protect ourselves from these ever-increasing threats? First, remember the power of basic security, like using a strong and robust password, regular software updates and disabling connectivity for apps or software that does not require to be connected to Internet. In addition, before downloading any app or software, make sure to use an authorised online store and do not forget to check the developer behind the app. Last, but not the least, is to use a good security solution that provides protection from virus and malwares. Remember, prevention is always better than cure.
