Posted on April 22, 2021 at 5:28 PM
Palestinian Threat Group Deceives Victims Into Installing iOS Spyware
Facebook revealed that it has discovered a hacking campaign that created a fake secure chat app to lure users on Google’s Android devices. According to the tech giant, the campaign is being operated by a Palestinian spy group called Preventive Security Service.
Facebook says it has warned about 800 individuals that the Android-based malware developed by the spy group is targeting them.
Although the agency usually operates around internal security, it has been seen targeting those outside Gaza and West Bank.
The targeted victims include military groups, journalists, dissidents, as well as activists. The military targets include the Iraqi military and the Syrian opposition.
This discovery by Facebook is coming only a few months before the first parliamentary election in Pakistan in 15 years.
The malware masquerades as a look-alike article submission tool for journalists or a “secure” chat app called Advanced Chat App.
Threat group creates fake Facebook profiles
Once the group successfully convinces a target to download the malware, the app does not work as advertised. Instead, it silently performs other activities. The app collects call logs, text messages, contacts, and the location of the user. It also includes a keylogger that records what is typed on infected systems.
The group usually poses as young women, journalists, or activists to gain the trust of their targets on Facebook. In other instances, they pretend to be supporters of Fatah or Hamas, the two major political parties in the country.
Apart from their creation of Facebook profiles, the threat actors also post messages that are politically critical to the upcoming Palestinian election. They also post messages to get attention with memes criticizing the Assad government in Syria or the Russian foreign policy.
The threat group has been linked with the Fatah party and has previously been accused of civil rights abuses by Human Rights Watch.
The hackers are now attacking other regions
Mike Dvilyanski, Facebook’s head of cyber espionage investigations, stated that it was a surprise to have hacks linked to the agency, as well as its targeting of people outside of Palestine.
He said that while the agency was formed to operate within the country, evidence suggests it has started expanding its activities in the region, especially around the ongoing conflict in Syria.
On a similar note, Facebook says it discovered spyware fronting as a messaging app for iPhone. The tech giant claims the spyware is used in attacks on Palestinian government officials and its citizens.
The malware has strong ties to Arid Viper, which is linked to the cyber section of Hamas but has never been spotted attacking Apple’s operating system.
The app can snoop on several activities on an Apple device, including stealing photos and silently recording audio via the camera or mic.
Attack has a limited impact
Although the attacks were not wide, they were targeted and seem to be linked to power struggles between Fatah and Hamas, which has been designated as a terrorist group by the State Department.
Facebook warns that the attack targets include student groups, security services, various oppositional government organizations, and the Palestinian National Authority.
Facebook also noted that the manner of target infection seems to be complex, which explains why the impact of the attack is limited.
The target will only be in harm’s way if they download an app that’s not included in the official App Store. The target also needs to install a “mobile configuration profile”, which allows unapproved Apple software to run on iPhone.
So, infecting a target’s device remains a long shot for the threat actors. Users who are wary of downloading apps outside of the official App Store will automatically exempt themselves from being targeted, since they are unlikely to download the app containing the malware.
Facebook says the Magic Smile app was hosted on a third-party site that provides app development tools. The company noted that it could be how the malware ended up on iPhones.
Hacking activities have increased in West Bank and the Gaza Strip in recent years, as rival Palestinian political parties try to outdo each other.