Palestinian hackers tricked victims into installing iOS spyware

Hacking activity in the Gaza Strip and the West Bank has increased in recent years as rival Palestinian political parties spar with each other, the Israeli-Palestinian conflict continues, and Palestinian hackers increasingly establish themselves on the world stage. Now, Facebook has found two digital espionage campaigns out of Palestine, active in 2019 and 2020, that exploited multiple devices and platforms, including one piece of spyware that targeted iOS.

The two groups appear to have had no connection to each other and pursued separate goals. But both used social media platforms like Facebook as a starting point to connect with targets and launch social engineering attacks that steered them to phishing pages and other malicious websites.

Investigators link one group of attackers to the Palestinian Preventive Security Service, an intelligence group under the Fatah party, which rules the West Bank. During this campaign, the group focused mainly on the Palestinian territories and Syria, with some additional activity in Turkey, Iraq, Lebanon and Libya. The hackers appear to have targeted human rights and anti-Fatah activists, journalists, and organizations such as the Iraqi army and the Syrian opposition.

The other group, the longtime actor Arid Viper, which is linked to Hamas, focused on Palestinian targets, including members of the Fatah political party, government officials, security forces and students. Arid Viper set up an extensive attack infrastructure for its campaigns, including hundreds of websites that launched phishing attacks, hosted iOS and Android malware, or operated as command and control servers for that malware.

“We have warned people to suspend these two operations, remove their accounts, release malware hashes, block domains associated with their activities and target these groups, to help secure the accounts,” Mike Dvilyanski, head of cyberespionage research, and David Agranovich, the suspension director, wrote in a blog post on Wednesday. “We have shared the information with our industry partners with the anti-virus community so that they too can detect and stop this activity.”

The team linked to the Preventive Security Service was active on social media and used personas built on created and stolen accounts, often depicting young women. Some accounts claimed to support Hamas, Fatah or other military groups, and sometimes the personas posed as activists or reporters, with the aim of building relationships with targets and tricking them into downloading malware.

The team used low-end malware and its own Android spyware, disguised as a secure chat app, to target victims. The chat app collected call logs, location, contact information, SMS messages, and device metadata. Sometimes a keylogger was also included. The attackers also used publicly available Android and Windows malware. Investigators also established that the attackers built a fake content management platform for Windows, aimed at journalists who wanted to submit articles for publication. The app didn’t work, but it came bundled with Windows malware.

