Dark Caracal is a huge Android spying campaign traced back to Beirut


When you think of governments spying on your smartphones, most people will think satellites and operating system backdoors and powerful spying computers. But results of research recently made public by cybersecurity firm Lookout and digital rights NGO the Electronic Frontier Foundation (EFF) show that even cheap and simple ways also work. This hacking and spying campaign is called “Dark Caracal” and the infections on Android devices can be traced back to around 500 hackers in a building in Beirut, owned by a Lebanese intelligence agency.

The hackers were discovered when traces of their work were found by Lookout and the EFF and led them to a building owned by the Lebanese General Security Directorate in Beirut. This agency is where Lebanon’s chief communications intelligence agency operates. The research says that the Dark Caracal group has stolen hundreds of gigabytes of data, and has victimized over 2,000 individuals across more than 20 countries in North America, Europe, the Middle East and Asia.

What surprised the researchers was the way the data has been stolen – there were no complicated “zero day” attacks to vulnerabilities in Android. These hacks relied on good old social networking and getting permissions for their apps once installed in the victim’s device. They start by sending messages over social messaging app WhatsApp, where they pointed them to phishing websites. From there, they convinced the victims to “update” apps on their phones with update packages containing their malware code.

The Dark Caracal group can then harvest data – take photos, steal personal information, spy via communications apps, record video and audio, and acquire location. The researchers concluded that even the sloppiest hackers can steal people’s data if users keep falling for the same old tricks over and over again.


via Android Community

January 22, 2018 at 11:03PM