Dark Caracal

Dark Caracal is a spyware campaign [1] [2] that has been conducted by an unknown group of hackers since at least 2012. [3] The campaign was discovered by the Electronic Frontier Foundation and the mobile security firm Lookout, [1] who published their findings on January 18, 2018. [2] The campaign has mainly used phishing attacks (and in some cases physical access to victims' systems [2]) in order to install malicious Android applications, including ones that imitate the look and feel of popular instant messaging applications, on victims' systems to gain full control over the devices. [3] No evidence was found that iPhone users have been targeted, and according to Google, none of the malicious applications were found on the Google Play Store. [3] The data allegedly stolen includes documents, call records, text messages, audio recordings, secure messaging client content, browsing history, contact information, photos, location data, and other information that allows the group to identify their targets and observe their personal lives.[citation needed] The component used to monitor Android devices is known as Pallas; the component used to monitor Windows devices is a variant of the Bandook trojan. [4]

The campaign is suspected to be state-sponsored [2] and linked to the Lebanese government's General Directorate of General Security. [4] [5] [2] According to Reuters, "the researchers found technical evidence linking servers used to control the attacks to a GDGS office in Beirut by locating wi-fi networks and internet protocol address in or near the building." [3] The researchers have said that they are not certain "whether the evidence proves GDGS is responsible or is the work of a rogue employee." [3] The report was denied by Major General Abbas Ibrahim. [3]

References

  1. Newman, Lily Hay (20 January 2018). "Security News This Week: Hacking Group's Mobile Malware Spies on Thousands Worldwide". Wired. Condé Nast. Retrieved 21 January 2018.
  2. Satter, Raphael (18 January 2018). "Report links hacking campaign to Lebanese security agency". Washington Post. ISSN 0190-8286. Archived from the original on 18 January 2018. Retrieved 19 January 2018.
  3. Auchard, Eric (18 January 2018). "Lebanese security agency turns smartphone into selfie spycam: researchers". Reuters. Retrieved 23 January 2018.
  4. Thomson, Iain (18 January 2018). "Someone is touting a mobile, PC spyware platform called Dark Caracal to governments". The Register. Retrieved 19 January 2018.
  5. Brandom, Russell (18 January 2018). "Researchers have discovered a new kind of government spyware for hire". The Verge. Retrieved 19 January 2018.