Smartphone users all over the world have been warned to be very careful after researchers discovered that fraudsters are now using malware-infected messaging apps to steal data.
According to AFP, the report authored by digital rights group Electronic Frontier Foundation and mobile security firm Lookout detailed discovery of ‚Äúa prolific actor‚ÄĚ with nation-state capabilities ‚Äúexploiting targets globally across multiple platforms”, according to the report on Thursday.
Desktop computers were also targeted, but getting into data-rich mobile devices was a primary objective, according to the report.
With fake versions of secure messaging services like WhatsApp and Signal, the scheme has enabled attackers to take pictures, capture audio, pinpoint locations, and mine handsets for private data.
EFF and Lookout researchers dubbed the threat ‚ÄúDark Caracal.‚ÄĚ
People in the US, Canada, Germany, Lebanon, and France have been hit by Dark Caracal, according to EFF director of cybersecurity Eva Galperin.
‚ÄúThis is a very large, global campaign, focused on mobile devices,‚ÄĚ Galperin said.
‚ÄúMobile is the future of spying, because phones are full of so much data about a person‚Äôs day-to-day life.‚ÄĚ
Hundreds of gigabytes of data have been taken from thousands of victims in more than 21 countries, according to Lookout and the EFF.
There were indications that Dark Caracal might be an infrastructure hosting a number of widespread, global cyberespionage campaigns, some of which date back years, the report said.
Because the apps fool people into thinking they are legitimate, users give them access to cameras, microphones and data.
‚ÄúAll Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,‚ÄĚ said EFF staff technologist Cooper Quintin.
‚ÄúThis research shows it‚Äôs not difficult to create a strategy allowing people and governments spy to on targets around the world.‚ÄĚ
Researchers reported that they tracked Dark Caracal to a building in Beirut belonging to the Lebanese General Security Directorate.
Analysis showed that devices of military personnel, businesses, journalists, lawyers, educators, and medical professionals have been compromised, according to the report.
‚ÄúNot only was Dark Caracal able to cast its net wide, it was also able to gain deep insight into each of the victim‚Äôs lives,‚ÄĚ the report concluded.
Follow Us on Instagram