UPDATED 14:24 EST / JANUARY 19 2018

APPS

Spyware posing as apps like WhatsApp stole data in at least 20 countries

The Electronic Frontier Foundation and cybersecurity company Lookout Inc. have uncovered a global spyware campaign that has stolen hundreds of gigabytes of data, primarily from mobile Android devices.

The campaign, which the two groups have named “Dark Caracal,” accidentally outed itself by storing the stolen data on an unsecured server accessible via the internet.

According to EFF and Lookout, Dark Caracal uses “trojanized” spyware, which poses as legitimate apps such as WhatsApp and Signal. The fake apps function just like the real thing, but they also capture messages, photos, audio and other data. According to EFF Director of Cybersecurity Eva Galperin, Dark Caracal affected people in countries around the world, including the U.S., Canada, Germany and others.

“Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos,” Galperin said in a statement Thursday. “This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life.”

EFF Staff Technologist Cooper Quintin added that the attack doesn’t even require a sophisticated or expensive exploit. “Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” he said. “This research shows it’s not difficult to create a strategy allowing people and governments to spy on targets around the world.”

Lookout released a full report of its findings on Dark Caracal, which the firm said has been active since at least 2012. According to the report, Lookout’s researchers traced the malware back to a building belonging to Lebanon’s General Directorate of General Security, one of the country’s intelligence agencies. Based on this information, Lookout said that “it is likely that the GDGS is associated with or directly supporting the actors behind Dark Caracal.”

This is the second time this week that security researchers have discovered powerful spyware on Android. On Tuesday, antivirus provider Kaspersky Lab announced the discovery of “Skygofree,” a malware program that the company called “one of the most powerful spyware tools that we have ever seen for this platform.”

EFF said Dark Caracal may be only one of several cyberattack campaigns that operate through the same infrastructure. The organization also conceded that it has previously “misidentified” activity that had actually come from Dark Caracal. EFF offered some advice today on what users should do about the situation, such as keeping an eye out for links, attachments, and apps that pretend to be something they’re not.

Photo: Dark Caracal Technical Report/Lookout

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU