- Sputnik International

State-Sponsored Hackers Took Over Israeli Soldiers’ Android Phones

New research has revealed that state-sponsored hackers have been using malware to spy on soldiers in the Israeli Defense Force through their smartphones.

Reports indicate that more than 100 Israeli servicemen were first affected by this attack in July 2016, and that the most recent reported attacks happened just this month. The malware, called "ViperRAT," was specifically designed to target Android devices, with hackers gaining access to the phone’s location, video, audio and SMS functions.


Samsung, LG, Huawei and HTC devices were affected, with almost 9,000 files stolen in total.

Security firms report that IDF soldiers fell victim to the malware after being catfished on social media by communicating with profiles posing as attractive women from several different countries, luring them with sexual innuendo. The personnel were then duped into installing an Android chat application infected with Trojan viruses.

YeeCall Pro and SR Chat are legitimate programs, but were weaponized for the cyber attack. The virus spread through “Droppers” hiding in other apps common in Israel and available through the Google App Store, like Move To iOS and an Israeli love-song player.  


Soldiers unwittingly gave access to their phones by granting permissions to the malicious apps, which let hackers eavesdrop on conversations, view live video footage, and control the camera and microphone.

ViperRAT can also gather photos, cell phone tower information, internet browsing history metadata, and a history of downloaded apps.

The IDF has been working with Kaspersky and Lookout to get more information on the espionage campaign, with Lookout researchers reporting that the hack is not the work of amateurs. "Based on tradecraft, the modular structure of code and use of cryptographic protocols [AES and RSA encryption] the actor appears to be quite sophisticated," they said, according to The Hacker News.


The depth of social engineering that went into the hack led Kaspersky to posit that Hamas was responsible, but Lookout has claimed that the group does not possess the sophisticated mobile capabilities to develop a program like ViperRAT.

Michael Flossman, who heads security research services at Lookout, told ZDNet, "It has been used directly against IDF personnel, however there's also a good indication that it has been deployed in other campaigns against other groups."

Kaspersky’s report concluded that, "this is only the opening shot of this operation. Further, that it is by definition a targeted attack against the Israeli Defense Force, aiming to exfiltrate data on how ground forces are spread, which tactics and equipment the IDF is using and real-time intelligence gathering."
