Fake hottie hackers flung info-slurping malware at Syrian opposition – FireEye

Love RAT heartbreak Skype chat booby trap


Cyberspies used social engineering trickery to steal Syrian opposition’s strategies and battle plans, according to security researchers.

Hackers employed a familiar tactic: ensnaring victims through conversations with seemingly sympathetic and attractive women. As the conversations progressed onto Skype chats, the “women” would offer up a personal photo that was laden with malware and designed to compromise the target’s computer or Android phone.

Prospective marks were tricked into revealing what type of device they were using (Android phone or a computer) before hackers behind the attack slung the appropriate custom malware, said the securobods.

Typically, a female avatar would strike up a conversation on Skype and share a "personal photo" with her target. This photo file is booby-trapped with malware. Attackers are deploying a range of widely available and custom malware to hack their targets, including the DarkComet RAT, a customised keylogger, Android malware and cracking tools with different shellcode payloads.

The campaign was discovered by security researchers at FireEye, who are unsure who is running it. The researchers have said that if the data was acquired by President Bashar al-Assad’s forces or allies, it would benefit his military efforts. There are multiple references to Lebanon in the malware and in the avatars’ social media use, but this by itself doesn't prove much.

The stolen data includes battle plans and maps, supply needs and routes as well as weaponry and ammunition lists, FireEye claimed. It also exposes the personal information of fighters battling against President Assad’s forces as well as media activists, humanitarian aid workers and others within the opposition located in Syria and beyond. The avatars' campaign began in November 2013.

Hacking and malware-slinging has been a side show of the Syrian civil war for around three years. The latest research shows that hackers are refining their tactics and adopting the subtlety of social engineering attacks associated with state-sponsored hackers and intel agencies.

FireEye's research is summarised in a blog post and explained in more detail in a report here (PDF). ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2021