Designed for government: hackers sell Dark Caracal spyware platform
According to a report by The Register on January 18, the Electronic Frontier Foundation and security firm Lookout found that Dark Caracal, an APT surveillance and espionage operation linked to the Lebanese General Security Agency, has stolen large amounts of data from Android phones and Windows PCs around the world, and that hackers have recently been selling the Dark Caracal spyware platform to some countries for monitoring. The operation reportedly spread trojanized malware by creating a large number of fake Android applications and by using social engineering such as phishing emails and fake social network messages. Over the past six years it has involved journalists, military personnel and companies from 21 countries, along with other sensitive information (text messages, call logs, archives, etc.).
Lookout published a report with a detailed analysis of Dark Caracal:
Dark Caracal’s attack chain relied heavily on social engineering, sending malicious messages to victims and bundling custom Android malware into fake versions of apps such as Signal and WhatsApp.
Lookout said researchers found custom malware called Pallas that could be an important component of the Dark Caracal espionage kit. Pallas was used to hijack target smartphones, and it is distributed and controlled through the Dark Caracal platform that is rented to governments. Currently, the primary way Pallas reaches a device is through infected applications installed from unofficial software stores, such as WhatsApp and Signal ripoffs. Pallas does not use a “zero-day” to take over the device; instead it relies on deceiving users into installing malicious applications and granting them various permissions. Once in place, Pallas can secretly record audio from the phone’s microphone, reveal the device’s location to the watchers, and expose all the data on the phone to the hackers.
In addition, the Dark Caracal platform offers another monitoring tool, a FinFisher sample, which is sold to governments to monitor citizens. On the desktop, Dark Caracal offers the Delphi-coded Bandook Trojan, which was previously identified in Operation Manul and can effectively take over Windows systems.
Lookout said it is currently trying to find the hacker organization behind Dark Caracal and expects the investigation to move forward this summer.
Source: The Register