Tuesday, June 25, 2024

Sophisticated Spyware Attack on Military Mobile Devices to Record Phone Calls & Take a Picture

A few days before the Israeli security firm reported that Hamas cyber attackers installed a sophisticated spyware in  Israeli soldiers Military Mobile Devices to collect various sensitive information such as military data.

Spyware distributed through fake World Cup and online dating apps which were spread through the Google play store as legitimate apps.

Apart from this attacker using various bypass technique to evade the Google play store malware protection using the way attackers hide malicious code within legitimate apps.

Yet, it isn’t the first run through these strategies have been utilized, either against this particular target or other government offices around the globe. In mid-2017, the Viperat spyware focused on Israeli fighters serving around the Gaza strip, utilizing social building methods to take photographs and sound records from their cell phones.

Be that as it may, these instances of reconnaissance don’t just influence militaries and governments but Its an example of how cyber threats are evolving and continue to use mobile as their attack vector.

Spyware Activities on Military Mobile Devices

Infected Spyware can able to perform various malicious activities to steal the sensitive information from compromised military mobile devices.

In this case about 100 Military people fell victim to the attack and  malware was then able to carry out a number of malicious activities:

  • Record the user’s phone calls.
  • Take a picture when the user receives a call.
  • Steal the user’s contacts.
  • Steal the user’s SMS messages.
  • Steal all images and videos stored on the mobile device and information on where they were taken.
  • Capture the user’s GPS location.
  • Take random recordings of the user’s surroundings.
  • Steal files and photos from the mobile device’s storage.

According to the checkpoint, whether these threats come from non-state actors or cyber-crime gangs, they often use sophisticated techniques and malware to bypass traditional controls to reach their target.

Also Read:

InvisiMole – A Powerful Spyware Turn On Your Camera & Record Video, Audio, Take Picture

Beware !! Chrome Spyware Extensions Stealing Facebook Data, Location and Millions of Users Browser History

Sun Team Hacking Group Insert Spyware on Korean Victims Devices to Steal photos, Contacts, and SMS

Website

Latest articles

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...

Consulting Companies to Pay $11 Million Failing Cybersecurity Requirements

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay...

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef....

Chinese Winnti Group Intensifies Financially Motivated Attacks

Hackers are increasingly executing financially motivated attacks and all due to the lucrative potential...

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles