Be aware! your private data on mobile is at risk. intruders can hack into your personal life data. The intelligence service in Lebanon could have turned thousands of mobile phones into spy devices, according to a report by the security company Lookout and the Electronic Frontier Foundation. This investigation assures that the General Directorate of Security of Lebanon (GDGS) has carried out more than ten espionage campaigns since 2012 in, at least, 21 countries.
The next time you think “these things do not happen to me,” remember thousands of people with essential positions who think they are safe chatting on WhatsApp. And it turns out that they are monitoring them from Beirut.
The report reveals large-scale mobile hacking, in which most of the attacks are aimed at taking control of Android phones. In this way, hackers turn the phone into a monitoring and surveillance device. Also, they can obtain any information stored without the users noticing. Also, the investigation also reveals intrusions on Windows computers.
Dark Caracal has obtained information from thousands of targets in more than 21 countries
The authors of the report have taken the name of a wild cat from the Middle East to baptize this surveillance tool: Dark Caracal. According to Lookout and the Electronic Frontier Foundation (EFF), Dark Caracal has already stolen hundreds of gigabytes of mobile and computer information. Through phishing attacks, victims are induced to download fake applications. Through these counterfeit apps, attackers hijack the device and gain full control.
According to the director of EFF, Eva Galperin, third parties are selling the Dark Caracal spyware platform to other countries and governments, for purposes of international espionage. Dark Caracal has been used to hack information from thousands of targets in more than 21 countries. This data includes private documents, call records, audios and text messages. The phishing has reached military, government, and even journalists and activists goals.
The hacking platform works through fake copies of applications like WhatsApp
In 2016, EFF published a dossier on the cybernetic espionage program Operation Manual. Following this publication, Lookout tried to locate the spyware responsible for this program. His research revealed a program called Pallas, which appears to be a component of the Dark Caracal platform. That is, Pallas hijacks the target mobile phones, and is under full control of Dark Caracal. Pallas would enter the device through the installation of fake apps, such as WhatsApp or Signal, from unofficial software repositories.
This beautiful animal gives the name to a very ugly espionage maneuver.
When it comes to computers and desktop applications, Dark Caracal uses the Bandook Trojan. The Trojan takes control of Windows by installing infected programs. Also, that will go unnoticed thanks to a legitimate security certificate. The malicious code can even hide in Word documents and run with macros. Remember those happy security warnings for macros? Here is the reason
Our recommendation is usual in these cases. Do not download anything from anywhere. Install only applications that come from trusted sites, and always take precautions. Because not even on Google Play is one safe from hacking.