DTX Manchester DTX Manchester
  • About Us
Wednesday, 20 January, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Hackers linked to Syrian government target civilians with spyware via mobile apps  

The latest example of COVID-19 scams

by Joel
April 17, 2020
in Featured, Hacking, Malware, Phishing and Ransomware
Phone hack
Share on FacebookShare on Twitter

Researchers have unearthed a COVID-19 related spyware campaign that is specifically targeting Syrians and “likely other Arabic speaking” individuals in the Middle East region. Threat researchers at mobile security specialists, Lookout, discovered that over the

past month, hackers, who are supposedly linked with the Syrian regime of President Bashar Al-Assad, have used at last 71 new malicious apps on Android mobile devices through the means of luring users with the coronavirus pandemic. The spyware threat is believed to retrieve critical intelligence on civilian movement, locations, messages, pictures, videos, audios and contacts.

The full research can be found here: https://blog.lookout.com/nation-state-mobile-malware-targets-syrians-with-covid-19-lures

Kristen Del Rosso, senior security intelligence engineer at Lookout said regarding attribution to the campaign:

We believe there is a high probability this campaign can be attributed to the Syrian Electronic Army. They are a known pro-Assad group and the Syrian government has tight control over internet infrastructure and a heavy history of digital censorship. The malicious apps reported on in this blog contained unintentional traces of a persona (“Allosh”) previously associated with this group in the “SilverHawk” campaign. She continues, “in addition, this campaign’s infrastructure is located in a block of addresses held by Tarassul Internet Service Provider, an ISP owned by — and sharing network infrastructure with — the state-owned Syrian Telecommunications Establishment (STE). The Android malware previously associated with this group, SilverHawk, was also located on IP addresses belonging to STE.

None of these corrupted apps were available on the official Google Play Store, suggesting they were likely distributed through actor-operated watering holes or third-party app stores.

Of the malicious applications in this campaign, 64 of 71 are SpyNote samples, a well known commercial surveillanceware family. The remainder belong to the SandroRat, AndoServer, and SLRat families, of which the latter two have not yet been publicly reported on.

Lookout previously reported on another surveillanceware campaign using COVID-19 related lures targeting Libya.

Syrian Malware
Figure 1: An example of the spyware in action

The newly installed application (com.finger.body.temperature.ap) is a benign prank – a fake digital thermometer that serves as a decoy. Meanwhile the malware continues to operate in the background.

0 0 vote
Article Rating
FacebookTweetLinkedIn
Share1TweetShare
Previous Post

In Defense of Zoom

Next Post

Warnings of cybersecurity threats and election interference in Singapore

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

View from the back of an aeroplane aisle.

Airline Passenger Data Stolen by Hackers

January 20, 2021
iPhone X/11, open Mail application with empty inbox. To the left of the phone is a green plant.

Emails exposed to SolarWinds Hackers

January 20, 2021
Money signs

Covid-19 and Brexit result in 70% of UK financial firms suffering cyber-attacks

January 20, 2021
Camera lense

1.4 million Pixlr user records shared on hacker forum

January 20, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept