Researchers at cybersecurity firm Lookout and the Electronic Frontier Foundation released a report detailing how the two groups traced Dark Caracal back to the Lebanese Security Directorate and found attacks on government agencies, the military, defense contractors, utilities, businesses and financial institutions.
The attackers also gained access to devices belonging to military personnel, medical professionals, activists, journalists, lawyers and educational institutions.
According to the Lookout/EFF report, Dark Caracal has carried out attacks in more than 21 countries and is “one of the first publicly recorded mobile APT performers known to execute espionage worldwide.”
The overall picture of Dark Caracal's reach and effectiveness is bleak: it is hard to feel safe when state-sponsored actors are so effective.
Prolific malware hosting, standard infection techniques
The Lookout/EFF report confirms that Dark Caracal runs at least six separate campaigns targeting both desktop and Android devices, and reports that they have had widespread success in gaining insight into the lives of victims.
Both the desktop and the Android malware are spread through phishing and spear phishing campaigns, spoofed login portals, vulnerabilities, social engineering, and even fake social media posts that point to infected sites.
The actual method of infection on Android devices and desktops is familiar and depends primarily on trojanized apps that users are tricked into installing.
Android devices make up the overwhelming majority of Dark Caracal’s targets. They are mainly infected with Pallas, malware produced by Dark Caracal that is hidden in trojanized versions of legitimate applications. Pallas was found in trojanized versions of WhatsApp, Signal, Primo, Threema, Plus Messenger, Psiphon VPN and Orbot TOR Proxy, as well as in a fake Flash Player update and fake Google Play Push apps.
Pallas can download more malware, update itself and perform other tasks to fully steal personal data, but it does not do any tricky self-installation.
The Lookout/EFF report states: “Zero-day vulnerabilities are not used on both desktop and mobile malware tools, and Pallas samples primarily rely on the permissions granted during installation to access sensitive user data.”
Protect yourself from Dark Caracal
It is not necessary to know the full extent of Dark Caracal's reach to arrive at a clear conclusion: it is a dangerous hacking organization, probably the most widespread one ever discovered.
By following some basic rules that always apply, you can protect your own devices and the devices you manage from malware activity:
- Keep devices updated and ensure that patches are installed as soon as possible.
- Make sure you have a trusted antivirus application installed on all your devices.
- Install apps only from a proven source: on Android that means the Google Play Store, and on desktop platforms such as Windows and Mac it means the official app store.
- Do not put BYOD devices on the corporate network unless they have been scanned and found clean.
- Personal devices used for work should be managed under a mobile device management policy.
A hacking group that has been traced to the Lebanese government has been actively attacking desktops and Android devices since 2012.