EFF: Thousands of People Have Secure Messaging Clients Infected By Spyware (eff.org)
An anonymous reader quotes the EFF:
The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients. The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.
The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut. "People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos," said EFF Director of Cybersecurity Eva Galperin. "This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person's day-to-day life."
Dark Caracal apparently gets installed through carefully-targeted spearphishing attacks, according to the EFF. "Several types of phishing emails directed people -- including military personnel, activists, journalists, and lawyers -- to go to a fake app store-like page, where fake Android apps waited. There is even evidence that, in some cases, Dark Caracal used physical access to people's phones to install the fake apps."
This! (Score:5, Insightful)
Re: (Score:2)
So wait up, hmm, let me remember something, ohhh yeahh, for years governments all over the world, have contracted out computer stuff to tech companies because of the far greater expertise of tech companies and ohhh yeah, they buy the best staff and the government gets the anal retentive 2nd and 3rd raters. So it can only have been a government, in reality is like saying it can only have been done by anal retentive 2nd and 3rd raters who have to contract out the complex stuff to tech corporations. Something
Re: This! (Score:2)
The part about Apple is a bold statement. Nobody has reported unwanted communications with Apple servers when Siri is not activated (received the activation command and interpreted it *locally*).
They had and have their hands in the cookie jar, though. They left messages and contacts, calendar and call lists unencrypted, as those things were most interesting to the powers that be. If the iCloud is activated, they will copy your call lists to their servers for your (the governments) convenience.
Your general s
Re: This! (Score:2)
Addition: I know, Contacts, Calendar and messages are encrypted after a reboot since the Snowden files. But they were not before. I am convinced that this was done to help the US surveillance scheme, but who could prove that?
Re: (Score:2)
But if we let people have private conversations without spying, NEO-NAZIS might communicate with each other! /actual_progressives_stance
#discord_did_nothing_wrong
Are people still this stupid? (Score:2)
downloading apps from non-official sources to be cool or whatever?
It's worse than you think. (Score:2)
The ones who can get as far as installing it are the smart ones.
Three letter agencies (Score:2)
Re: Three letter agencies (Score:2)
Are you accusing Moxie Marlinspike of being a collaborator? Or are you simply spreading FUD so that nobody even *tries* to protect the little rest of their privacy?
Re: (Score:2)
Re: (Score:2)
What is a caracal?
It's a small Caldari missile boat with a bonus to lasers. Also a variety of wild cat.
I followed the links and it seems the solution to a compromised messaging app is to download their protection app. I didn't read their report on the malware because they didn't present it as a webpage - it was a link that said "download report", and I'm wary of downloading crap from sites like this. If you've ever gone looking for solutions to malware, it seems every variant has a website that offers a specific tool to fix
sometimes you wonder when to give up on some peopl (Score:1)
It's astonishing that in 2018 basic computer security isn't demanded of people in high ranking positions. Really? Spearphishing? Click fake links in e-mails? I maybe did this when I was 12, clicking flash ads for free online games.
What's App? Really? (Score:5, Insightful)
The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally.
Why would anyone expect a messaging app associated with Facebook to be a secure communication method? Especially if you're trying to avoid government snooping. Using the most popular, closed-source, corporate-owned social network platform is like painting a big bulls-eye on your back.
Re: (Score:3)
Ever listen to CSPAN's call in show in the mornings? Admittedly we're only listening to Americans. However, from the callers we can learn that Jews control everything, particular Senators should be taken out and shot in the head, DACA people deserve the love of Jesus Christ just as soon as they depart for their parent's homeland, Trump is a genius, Trump is a dunderhead, there's nothing wrong with Putin or Russia, etc.
This lot will not only fall for the latest scam, they'll complain bitterly they weren't le
Re: (Score:3)
Those people are self-selected loud-mouths who have a cause to push. Normal people, and that's still the vast majority of them, aren't nearly as nutty.
Default setting? (Score:1)
Re: (Score:2)
Recall DROPOUTJEEP https://en.wikipedia.org/wiki/... [wikipedia.org]
Some malware still needs a human to allow it in, others just get pushed down the network.
i.e. "spearphishing"
Some contractors like their gov/mil malware to just look like normal, existing malware if found. To suggest the code had another nation origin, another gov was doin