
Fake hottie hackers flung info-slurping malware at Syrian opposition – FireEye

Love RAT heartbreak Skype chat booby trap

Cyberspies used social engineering trickery to steal the Syrian opposition’s strategies and battle plans, according to security researchers.

Hackers employed a familiar tactic: ensnaring victims through conversations with seemingly sympathetic and attractive women. As the conversations progressed onto Skype chats, the “women” would offer up a personal photo that was laden with malware and designed to compromise the target’s computer or Android phone.

Prospective marks were tricked into revealing what type of device they were using (Android phone or a computer) before hackers behind the attack slung the appropriate custom malware, said the securobods.

Typically, a female avatar would strike up a conversation on Skype and share a "personal photo" with her target. This photo file is booby-trapped with malware. Attackers are deploying a range of widely available and custom malware to hack their targets, including the DarkComet RAT, a customised keylogger, Android malware and cracking tools with different shellcode payloads.

The campaign was discovered by security researchers at FireEye, who are unsure who is running it. The researchers have said that if the data was acquired by President Bashar al-Assad’s forces or allies, it would benefit his military efforts. There are multiple references to Lebanon in the malware and in the avatars’ social media use, but this by itself doesn't prove much.

The stolen data includes battle plans and maps, supply needs and routes as well as weaponry and ammunition lists, FireEye claimed. It also exposes the personal information of fighters battling against President Assad’s forces as well as media activists, humanitarian aid workers and others within the opposition located in Syria and beyond. The avatars' campaign began in November 2013.

Hacking and malware-slinging have been a sideshow of the Syrian civil war for around three years. The latest research shows that hackers are refining their tactics and adopting the subtlety of social engineering attacks associated with state-sponsored hackers and intel agencies.

FireEye's research is summarised in a blog post and explained in more detail in a report here (PDF). ®

 
