Follow Slashdot stories on Twitter


Forgot your password?
Electronic Frontier Foundation Cellphones Security

EFF: Thousands of People Have Secure Messaging Clients Infected By Spyware ( 35

An anonymous reader quotes the EFF: The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients. The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.

The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut. "People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos," said EFF Director of Cybersecurity Eva Galperin. "This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person's day-to-day life."

Dark Caracal apparently gets installed through carefully-targeted spearphishing attacks, accoridng to the EFF. "Several types of phishing emails directed people -- including military personnel, activists, journalists, and lawyers -- to go to a fake app store-like page, where fake Android apps waited. There is even evidence that, in some cases, Dark Caracal used physical access to people's phones to install the fake apps."
This discussion has been archived. No new comments can be posted.

EFF: Thousands of People Have Secure Messaging Clients Infected By Spyware

Comments Filter:
  • This! (Score:5, Insightful)

    by ma1wrbu5tr ( 1066262 ) on Saturday January 20, 2018 @05:23PM (#55968731) Journal
    Though some obfuscation might point elsewhere, this is state sponsored spyware. Despots, tyrants, and oligarchs HATE the idea that we might have conversations without them. It is hard to control a narrative if you're not privy to the conversation.
    • by rtb61 ( 674572 )

      So wait up, hmm, let me remember something, ohhh yeahh, for years governments all over the world, have contracted out computer stuff to tech companies because of the far greater expertise of tech companies and ohhh yeah, they buy the best staff and the government gets the anal retentive 2nd and 3rd raters. So it can only have been a government, in reality is like saying it can only have been done by anal retentive 2nd and 3rd raters who have to contract out the complex stuff to tech corporations. Something

    • But if we let people have private conversations without spying, NEO-NAZIS might communicate with each other! /actual_progressives_stance


  • downloading apps from non-official sources to be cool or whatever?

  • Thousands only? That's if you assume that the true, official apps are secure, I suppose?
    • Are you accusing Moxi Marlinspike of being a collaborator? Or are you simply spreading FUD so that nobody even *tries* to protect the little rest of their privacy?

      • After that interview, the old straw man trick is becoming popular again these days. (1) The 300lb pound gorilla is Whatsapp being compromised, not Signal (2) if a malicious party has root or controls the OS, they can spy on your signal conversations even if you use the official signed Moxie-approved binary.
  • it's astonishing that in 2018 basic computer security isn't demanded of people in high ranking positions. Really? Spearphishing? Click fake links in e-mails? I maybe did this when I was 12, clicking flash ads for free online games.

  • by SeaFox ( 739806 ) on Saturday January 20, 2018 @06:21PM (#55969011)

    The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally.

    Why would anyone expect a messaging app associated with Facebook to be a secure communication method? Especially if you're trying to avoid government snooping. Using the most popular, closed-source, corporate-owned social network platform is like painting a big bulls-eye on your back.

    • by gtall ( 79522 )

      Ever listen to CSPAN's call in show in the mornings? Admittedly we're only listening to Americans. However, from the callers we can learn that Jews control everything, particular Senators should be taken out and shot in the head, DACA people deserve the love of Jesus Christ just as soon as they depart for their parent's homeland, Trump is a genius, Trump is a dunderhead, there's nothing wrong with Putin or Russia, etc.

      This lot will not only fall for the latest scam, they'll complain bitterly they weren't le

      • Those people are self-selected loud-mouths who have a cause to push. Normal people, and that's still the vast majority of them, aren't nearly as nutty.

  • You can't install a third party app without changing a default setting. Has this malware found a way around this?
    • by AHuxley ( 892839 )
      If the gov/mil is paying then yes the can ask for that from their contractors to be part of any malware.
      Recall DROPOUTJEEP []
      Some malware still needs a human to allow it in, others just get pushed down the network.
      i.e. "spearphishing" ... "to go to a fake app store-like page, where fake Android apps waited."

      Some contractors like their gov/mil malware too just look like normal, existing malware if found. To suggest the code had another nation origin, another gov was doin

Research is what I'm doing when I don't know what I'm doing. -- Wernher von Braun