Egyptian government caught tracking opponents and activists through phone apps

Intelligence services developed system, says security outfit


The Egyptian government has been targeting and tracking citizens in a sophisticated spying program that allows it to read emails, log contacts and record their location, according to a new report by Check Point.

A wide range of Egyptian citizens, from journalists to politicians, activists and lawyers, have been targeted in the program, the security organization claims, with most of the spying done through apps downloaded onto their smartphones.

Check Point has identified 33 individuals who were specifically targeted and encouraged to download apps that offered useful services but whose real intent was to bug the phone.

Secure Mail was a Gmail add-on that promised greater security but which prodded users to provide their password, which was then used to compromise their accounts. Another, iLoud200%, offered a smart storage solution that would free up storage space on your phone but which bypassed privacy settings and sent location details to outside servers. Another app, IndexY, offered a callerID service but stored and transmitted call logs.

These apps were available through the official Google Play store, giving victims a degree of confidence that they were legitimate but also demonstrating that the apps are sufficiently sophisticated to get past Google’s security review. Each app was also designed and promoted to minimize uncertainty: it would make sense for a Caller ID app, for example, to have access to call logs and contacts.

The data that was pulled off the devices was sent to a range of domain names that included names like “secure” and “verify” as a way of masking their true identity, but Check Point was able to draw connections between the domains, IP addresses and their administration.


Those behind the system screwed up on one of the domains - - and left its directory accessible online, which the researchers downloaded and reviewed, giving more detail on how the spying operation was being conducted.



The researchers believe they may also have uncovered a secure messaging channel on Telegram that advertised itself as supporting protestors of the current Egyptian military administration but is likely under the control of the intelligence services.

Check Point was unable to find definitive proof that it was the Egyptian intelligence services behind the operation but considering those targeted, the clear intent and purpose of the apps, the structure and data downloaded and a number of clues - such as a server registered to the government’s IT ministry and a hardcoded location that corresponds to the HQ of Egypt’s main spy agency - it is almost certain that it was a government-sponsored activity.

“We discovered a list of victims that included handpicked political and social activists, high-profile journalists and members of non-profit organizations in Egypt,” the company wrote in a lengthy post outlining its findings. “The information we gathered from our investigation suggested that the perpetrators are Arabic speakers, and well familiar with the Egyptian ecosystem. Because the attack might be government-backed, it means that we are looking at what might be a surveillance operation of a country against its own citizens or of another government that screens some other attack using this noisy one.”

In recent months, ongoing tensions within Egypt have grown and the government has arrested a number of prominent opposition leaders in response to growing anti-government protests. ®



Biting the hand that feeds IT © 1998–2020