Smartphone Spying Op Targeted Thousands with Malware, Phishing

Whoops! A global spying performance perhaps out of Lebanese republic has accidentally revealed itself thank you to an exposed server on the open net.

Security researchers spotted the server, and said the spying op pulled hundreds of gigabytes of stolen data from infected Android phones and Windows machines.

Since 2022, the underground operation —dubbed Dark Caracal— has targeted thousands of people in over 21 countries including the U.s.. Among the victims were military personnel, activists, journalist and lawyers.

The findings were made in a Thursday report from the security firm Lookout and privacy advocate the Electronic Frontier Foundation, who say the spying functioning is one of the biggest focused on mobile phones.

Data Taken from Dark Caracal

The security researchers even traced the activities dorsum to a building in Beirut, which belongs to one of Lebanon'due south intelligence agencies, the General Directorate of General Security.

Although the spying performance has been prolific, the hacking itself hasn't been terribly sophisticated. It'due south mainly relied on fooling victims into installing Android malware or typing in their password into a imitation login folio.

The attackers practice and so by sending out phishing letters over Facebook and WhatsApp, possibly nether the guise of fake social media profiles. Through the phishing messages, victims have been redirected into downloading malware-laden Android apps or visiting a dummy Google, Facebook or Twitter domain actually under control of the hackers.

The Android-based malware can look disarming. It'due south able to masquerade as legitimate messaging apps such as WhatsApp and Bespeak and spoof the actual functions.

Dark Caracal Attack Map

However, the Trojanized apps can too secretly spy on the victim too. They've been designed to take photos from the phone'south camera, elevator text messages, pull location data, and record audio.

In addition, the spying functioning has too been using Windows malware to have desktop screenshots from victim's computers, extract log files from Skype and steal sensitive corporate documents. Nonetheless, none of the malware exploited whatever previously unknown vulnerabilities in Android or Windows.

"This research shows information technology's not hard to create a strategy allowing people and governments spy to on targets around the world," said EFF staff technologist Cooper Quintin in a argument.

Then far, Lebanon's Full general Directorate of Full general Security hasn't commented on the findings. The exposed server was moved to a new hosting provider last Sept, and is no longer leaking data.

The security researchers spotted the server from an earlier investigation into another cyber-spying operation fabricated public back in 2022. However, that performance allegedly involved the Republic of kazakhstan authorities targeting journalists and dissidents in Europe.

"This suggests that Nighttime Caracal either uses or manages the infrastructure found to be hosting a number of widespread, global cyber-espionage campaigns," the researchers said in their written report.

To protect yourself from Android-based malware, it'south always all-time to download apps from the official Google Play Shop rather than from tertiary-political party websites.