[ad_1]
In a report released earlier this week, the Israeli military accused Hamas cyber-activists of trying to incite IDF soldiers to install applications. infected with malware on their phones.
The tactics are not new, as Hamas has already done in January, but this time they managed to host the malware on the official Google Play Store, giving them more money. authenticity.
The Israeli computer security company ClearSky has been successful in identifying apps – two dating apps and a World Cup related app.
WinkChat – com.winkchat.apk
GlanceLove – com.coder.glancelove.apk
Gold Cup – anew.football.cup. world.worldcup.apk
Hamas used attractive female profiles to attract soldiers
IDF officials said that in January, Hamas activists created Facebook profiles with photos of attractive women to engage in private conversations. Later in 1965, the attackers used the profile of a woman named "Elianna Amer", while this time they used one for "Lina Kramer". According to the IDF, Hamas activists have used Lina Kramer's profile for at least three months.
"I got a message on Facebook that seemed innocent at first, from Lina Kramer, we started talking on Facebook, and she then asked me to download an app called GlanceLove ", Explained L., a former IDF soldier.
" At this point, my suspicions were final and I decided to consult a friend who helped me to understand that this was a fictional profile with malicious intent, "said L .. Glance Love app" height = "567" src = "https://www.bleepstatic.com/images/news/u/986406/attacks/APTs/GlanceLove .png "width =" 500 "/>
IDF officers stated that most of the soldiers had adopted the tactics and that" the security of Israel had not been damaged. "L & # One of the reasons may be that the fatal woman's coup was the subject of much media attention in January in the local and international press, and most soldiers now know it.
But the Israeli newspaper Haaretz reported that at least "Soldiers were infected.
Arid APT Viper blamed for the operation
According to the IDF, embedded malware in the three apps they discovered this time could fully support devices, take pictures, record audio files, and send the acquired data to a remote server.
ClearSky's experts say that & # 39; 39 They followed the Hamas group behind this attack for a while.In infoec circles, the group is known as Arid Viper code.Kaspersky and CIPProject have badyzed the This group's activity in the past
is also the second time that an advanced persistent threat (APT), a term used to describe nationally-sponsored cyber espionage groups, is related to Hamas., the fundamental organization Palestinian-Sunni Islamist List
Two years ago, ClearSky found links between Hamas and another APT named Gaza Cybergang, also known as the Gaza Hacker Team or Molerats. This first Hamas-related APT has developed and used custom malware such as DownExecute, XtremeRAT, MoleRAT or DustSky (NeD Worm).
Source link