Researchers from non-profit campaign group Electronic Frontier Foundation (EFF) and mobile security group Lookout have together uncovered malware that targets individuals such as military personnel, journalists, lawyers, and activists, using fake apps that look like popular messaging apps like WhatsApp and Signal.
The malware, dubbed “Dark Caracal” by the researchers, targets known Android weaknesses and iOS has not been affected by it.
According to their report on Dark Caracal, the malware was traced back to a server in a Lebanese government building — a building belonging to the Lebanese General Security Directorate in Beirut, Lebanon — and seems like the threat could be coming from a nation-state.
“We have identified hundreds of gigabytes of data exfiltrated from thousands of victims, spanning 21+ countries in North America, Europe, the Middle East, and Asia,” the report read.
“This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying because phones are full of so much data about a person’s day-to-day life,” said EFF Director of Cybersecurity Eva Galperin.
Data stolen through the spyware includes documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data.
According to EFF, WhatsApp or Signal have not been compromised, and Google has confirmed that the infected apps were not downloaded from its Play Store. Instead, the attackers use “spearphishing” to get these fake apps on targets’ phones, which is a phishing attack that specifically targets an individual using information the attacker has on the victim.
“All Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF Staff Technologist Cooper Quintin.
Dark Caracal has reportedly been operating since 2012 but has been unable to track down because of the number of similar attacks happening all over the world that have repeatedly been misattributed to other cybercrime groups.
This research has shed light on how governments and people are able to spy on individuals all over the world.