Researchers from the Electronic Frontier Foundation (EFF) and the mobile security firm Lookout have discovered that cyber attackers were able to steal gigabytes of data from users via fake messaging apps.
The apps were downloaded by unsuspecting Android users and were designed to appear strikingly similar to the popular messaging apps WhatsApp and Signal. The cyber attackers behind the malware targeted individual users as well as military personnel, lawyers, journalists and activists.
The researchers were able to trace the malware back to a server in a Lebanese government building in Beirut and have dubbed this new cyber threat Dark Caracal. Lookout's report examined the threat closely to reveal that the malware likely originated from a nation state and made use of shared infrastructure that has been linked to other nation-state hackers.
The researchers offered further details on the nature of Dark Caracal and its targets in their report, saying:
"People in the US, Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos. This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person's day-to-day life."
While the apps used to distribute the malware were created for Google's Android OS, Google is confident that they were not downloaded via the Google Play Store. In a statement on Lookout's company blog, the company reassured users regarding the safety of apps downloaded from its store, saying:
“Google has identified the apps associated with this actor, none of the apps were on the Google Play Store. Google Play Protect has been updated to protect user devices from these apps and is in the process of removing them from all affected devices.”
Dark Caracal is believed to have been operating since 2012, though it was difficult for Lookout and EFF to track because of the numerous hacking campaigns that were carried out using the same domain names.
Downloading apps directly from the Google Play Store and not from unknown sources is always recommended to protect your data and mobile devices.