
This article is more than 1 year old

Mystery deepens over Android spyware targeting Israeli soldiers

'Unlikely Hamas is responsible' – researchers

Hackers are continuing to target Israeli Defence Force (IDF) personnel with Android spyware but doubts have emerged that Hamas is behind the cyber-spying operation.

ViperRAT has been specifically designed to exfiltrate information of high value from compromised devices. "Many of these samples are still active and are continuing to covertly copy files of interest from infected devices to attack controlled servers", mobile security firm Lookout reports.

Initial reports had suggested IDF personnel had been compromised by social engineering — being lured into entering communications with third parties (posing as young women) through apps such as SR Chat and YeeCall Pro. ViperRAT has also surfaced in a billiards game, an Israeli Love Songs player, and a Move To iOS app.

A popular early theory was that Hamas was behind the malfeasance. Researchers at Lookout have come to doubt that theory.

"Strings found during source code analysis, as well as the overall sophistication of ViperRAT, suggest it is unlikely that Hamas is responsible for it," according to Lookout. "Research indicates the actor behind it has a well-developed cyber-capability, an active interest in the Middle East region, and likely previously released a non-malicious application to the Google Play Store that is currently still live."

ViperRAT comes in a couple of forms. One is a malicious application the victim is tricked into installing. Typically, someone pretending to be a hot young woman on the internet sends a link to a mark and persuades them to click on it and install the Trojanized app. This malware performs basic profiling of a device, and under certain conditions attempts to download and install a much more comprehensive surveillance component – the second ViperRAT variant.

This second variant is responsible for intelligence gathering and retrieving a broad range of data from compromised devices including locations, web histories, audio clips from calls, text messages and more. The attackers are also hijacking the device camera to take pictures, say the researchers.

"Based on trade craft, modular structure of code and use of cryptographic protocols [AES and RSA encryption] the actor appears to be quite sophisticated," Lookout concludes.

Further research on the same campaign by Kaspersky Lab can be found here. ®
