RESEARCHERS HAVE UNCOVERED a new malware espionage campaign that has allegedly turned thousands of Android phones into spying machines.
Researchers at mobile security firm Lookout worked with digital rights group the Electronic Frontier Foundation (EFF) on the investigation, which uncovered a group of hackers they christened Dark Caracal ('a secretive cat native to Lebanon', according to Wikipedia).
While Lookout has been tracking mobile security events worldwide since 2007, this is one of the most prolific it has seen to-date. The platform appears to be run from the offices of Lebanon's General Security Directorate (GSD) in Beirut.
Although Dark Caracal has targeted desktop, it prioritises mobile devices as the attack vector. It is one of the first advanced persistent threat (APT) actors to work with mobile on a global scale. Lookout is aware of "hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims".
Most of the victims are in the Middle East and Europe, although others have been tracked in North America, Asia and Africa.
Dark Caracal has mostly targeted "individuals and entities that a nation state might typically attack, including governments, military targets, utilities, financial institutions, manufacturing companies, and defense contractors", Lookout claims.
The attackers used malware, mostly installed through phishing techniques, to take control of Android smartphones and use them to monitor victims while also stealing data.
Lookout found Dark Caracal after the EFF released its Operation Manual (another cat) report, which highlighted a campaign targeting individuals who spoke out against Nursultan Nazarbayev, the President of Kazakhstan. They were able to link the group back to the GSD because Dark Caracal had failed to properly secure its own command and control servers.
"Looking at the servers, who had registered it when, in conjunction with being able to identify the stolen content of victims: That gave us a pretty good indication of how long they had been operating," Michael Flossman, Lookout's lead security researcher, told Reuters in an interview. However, they cannot say for certain whether their work definitively links the GSD to Caracal, or if it is the work of a rogue employee.
Major General Abbas Ibrahim, director general of the GSD, said ahead of its publication that he could not comment on the report without seeing its contents. µ
Another week of Google news in brief
It was nice knowing you, sort of
Third time unlucky
Customers are unable to make payments or transfer money