CATEGORIES
home News

Dark Caracal Global Malware Espionage Campaign Targets Thousands Of Android Users

by Paul LillyFriday, January 19, 2018, 10:58 AM EDT
Android

Well this is disturbing—researchers at the Electronic Frontier Foundation (EFF) and mobile security company Lookout have discovered a cyber-espionage campaign that has been operational since 2012 and is aimed at Android users. The campaign, dubbed Dark Caracal, has infected thousands of Android devices in more than 20 countries, resulting in the theft of hundreds of gigabytes of data.

The malware that is being doled out as part of Dark Caracal is mostly focused on spoofing secure chat messaging clients on mobile devices. Among them are fake versions of Signal and WhatsApp, which appear to work like their legitimate counterparts, except they are infected with malware. Once installed, cyber criminals can use a victim's Android device to take photos, retrieve location information, record audio, and more.

"People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos," said EFF Director of Cybersecurity Eva Galperin. "This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life."

Android Chart
Source: Lookout (PDF)

Initial analysis has led EFF And Lookout to believe the perpetrators might be a nation-state actor. The firms also believe the culprit is using a shared infrastructure that has been linked to other nation-state actors. One particular trace of Dark Caracal led the researchers to a building belonging to the Lebanese General Security Directorate in Beirut.

"Dark Caracal is part of a trend we’ve seen mounting over the past year whereby traditional APT actors are moving toward using mobile as a primary target platform," said Mike Murray, Vice President of Security Intelligence at Lookout. "The Android threat we identified, as used by Dark Caracal, is one of the first globally active mobile APTs we have spoken publicly about."

One thing that has made Dark Caracal so difficult to track is the diversity of what appear to unrelated espionage campaigns using the same domain names. EFF and Lookout believe  that Dark Caracal is one of many different global attacks using the same infrastructure. Part of what's both interesting and concerning is that Dark Caracal does not require a sophisticated or expensive exploit, it mainly relies on just application permissions that unwitting users grant when downloading fake apps containing malware.

As always, it's recommended that you only download apps from trusted sources.
Tags:  Android, Malware, (nasdaq:goog)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment