Israeli Users Targeted by Android Spyware Apps Since 2018
The Hamas-backed Group is Believed to Be Responsible for the Attacks.
Last updated on October 28, 2021
Since 2018, a group of seemingly harmless Android applications has been infecting Israeli users with spyware, and the operation is still ongoing.
According to BleepingComputer, security specialists at Qihoo 360 noticed spyware-laden applications posing as social apps such as Threema, Al-Aqsa Radio, Al-Aqsa Mosque, Jerusalem Guide, PDF viewer, and Wire.
The most exploited application appears to be one masquerading as Threema, an open-source, end-to-end encrypted instant messaging application for iOS and Android.
The initial vector for these apps, according to experts, is a WhatsApp text or Facebook post that redirects targets to a web page that hosts the APK and allows them to download it.
In some cases, the messages included a link to a supposedly vital confidential PDF document on Google Drive.
As explained by BleepingComputer, all of these are profit-oriented spyware with extensive capabilities, including file exfiltration, call recording, location tracking, keylogging, photo and video capture, real-time recording, clipboard management, phishing, and shell command execution.
Other powerful tools such as Metasploit and EsecretRAT were also discovered in the APKs. In both instances, the attackers had added custom code on top of the open-source tools.
EsecretRAT is a new spyware tool based on ChatApp that can exfiltrate contact information, text messages, IMEI, physical address, IP address, and all images saved on the device.
Who Is Behind the Attacks?
Security specialists at Qihoo 360 think the attacks are the work of a Hamas-backed group that has allegedly been associated with previous Israel-targeting operations.
Users who downloaded Threema, Telegram, PDF viewer, Al-Aqsa Radio, Al-Aqsa Mosque, or Jerusalem Guide from sources other than the Google Play Store are advised to delete the app as quickly as possible and scan their devices with an antivirus program.