Skip to main content

Dark Caracal: Malware allows hackers to spy on thousands of users in more than 20 countries

Researchers at Lookout and EFF have discovered Dark Caracal, an international espionage campaign that relied on fake versions of secure messaging apps. (Representational Image. Source: Reuters)


Dark Caracal, a global spyware espionage campaign allowed hackers to spy on thousands of people in more than 20 countries and steal hundreds of gigabytes worth of data. This was revealed in a report shared by the The Electronic Frontier Foundation (EFF) and mobile security company Lookout. The report by EEF and Lookout says that the spyware campaign relies on fake version of messaging apps like Signal, WhatsApp and then steals data.
“People in the US, Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos,” EFF Director of Cybersecurity Eva Galperin said in a press statement. She added this was a “very large, global campaign, focused on mobile devices.”
According to the report, these “trojanized apps”, which include fake versions of Signal and WhatsApp, appear to be just like the legitimate app and can send and receive messages. But the fake apps allowed attackers “to take photos, retrieve location information, capture audio, and more.” According to the EFF and Lookout, Dark Caracal may have been deployed by a nation-state actor. The report says Dark Caracal has been traced to a building belonging to the Lebanese General Security Directorate in Beirut.
“Dark Caracal is part of a trend we’ve seen mounting over the past year whereby traditional APT actors are moving toward using mobile as a primary target platform. The Android threat we identified, as used by Dark Caracal, is one of the first globally active mobile APTs we have spoken publicly about,” Mike Murray, Vice President of Security Intelligence at Lookout said in a press statement.
Dark Caracal appears to have been active for sometime. The researchers have pointed out that the spyware campaign has been operating since at least 2012, but it has been hard to track because of other, seemingly unrelated espionage campaigns originating from the same domain names. They also believe Dark Caracal is just one from a number of different global attackers using this very same infrastructure.
The other worrying feature about Dark Caracal is that it does not require any sophisticated equipment or expensive exploit to be carried out. Given that the hackers are relying on fake version of messaging apps, they could easily get permissions to access data, camera, speaker, etc on the phone. This is because users tend to grant these to all messaging apps in order to use many of the features.
Lookout also says they worked directly with the Google Android Security Team to fix the threat on the platform and the “team was highly responsive and worked to find the malicious apps and protect customers.” Once again, when downloading apps, customers should keep in mind that they are doing this from the official Play Store, and not third-party store apps. Also it is best to check the official developer before downloading the app, in order to avoid fake apps, malware or spyware.

Comments

Post a Comment

Popular posts from this blog

Over 1 lakh illegal immigrants arrested in US in 2017

On January 25, Trump issued an executive order to set forth the Administration’s immigration enforcement and removal priorities. (Representational Image) The US authorities have arrested 143,470 illegal immigrants this year, according to a latest report. US Immigration and Customs Enforcement said in its annual report that it has made 143,470 administrative arrests in fiscal year 2017, increasing 30 per cent Year-on-Year, Xinhua news agency reported on Wednesday. An administrative arrest is the arrest of an alien for a civil violation of the immigration laws, which is subsequently adjudicated by an immigration judge or through other administrative processes. Of the total arrests, 110,568 occurred after January 20, which is a 42 per cent increase over the same time period last year, according to the report. US President Donald Trump took the oath of office on January 20 this year. On January 25, Trump issued an executive order to set forth the Administration’s immigrat...
Post a Comment
Read more

Canada debates new harassment legislation amid #MeToo storm

We can afford to do more for people who need it by doing less for people who don’t: Trudeau’s message (Photo Source: Reuters) Canada’s parliament began debate on Monday on new legislation to tighten workplace harassment rules, including those governing politicians, as allegations of sexual misconduct mounted against lawmakers on both sides of the political spectrum. The bill, introduced by Prime Minister Justin Trudeau’s Liberal government in November, gained a new prominence after a federal cabinet minister and two provincial party leaders stepped down last week after being accused of inappropriate behavior. While the proposed law will govern all federal workplaces, including private businesses, the environment among political staffers in Ottawa was in focus as the #MeToo social media movement gained momentum in Canada. “It clearly is a crisis in this workplace,” Employment Minister Patty Hajdu told reporters outside the House of Commons. “We talk a lot about getting wom...
Post a Comment
Read more

Trump administration drops Obama-era easing of marijuana prosecutions

The US Justice Department on Thursday rescinded an Obama administration policy that had eased enforcement of federal marijuana laws in states that legalized the drug, instead giving federal prosecutors wide latitude to pursue criminal charges. The action by Attorney General Jeff Sessions could have damaging consequences for the burgeoning marijuana industry in the six states including California and Colorado that have legalized the drug for recreational use, plus dozens of others that permit medicinal use. Justice Department officials declined to say whether they might take legal action against those states, saying further steps were “still under consideration.” Federal law still prohibits marijuana even as some states move to legalize it. White House spokeswoman Sarah Sanders said President Donald Trump’s top priority was enforcing federal law “whether it’s marijuana or immigration.” The policy change, detailed by Sessions in a one-page memo to federal prosecutors nationwid...
Post a Comment
Read more