Beware! Hacker Are Using ‘Dark Caracal’ Malware; Turning Your Smartphones Into Spycams
An investigation by the Electronic Frontier Foundation and security biz Lookout has uncovered Dark Caracal, a surveillance-toolkit-for-hire that has been used to suck huge amounts of data from Android mobiles and Windows desktop PCs around the world.
Lebanon’s General Directorate of General Security (GDGS) has run more than 10 campaigns since at least 2012 aimed mainly at Android phone users in at least 21 countries.
As per the researchers, the cyber attacks, which seized control of Android smartphones, allowed the hackers to turn them into victim-monitoring devices and steal any data from them undetected.
The state-backed hackers, dubbed “Dark Caracal” by the report’s authors – after a wild cat native to the Middle East – used phishing attacks and other tricks to lure victims into downloading fake versions of encrypted messaging apps, giving the attackers full control over the devices of unwitting users.
Michael Flossman, the group’s lead security researcher, told that EFF and Lookout took advantage of the Lebanon cyber spying group’s failure to secure their own command and control servers, creating an opening to connect them back to the GDGS.
Dark Caracal has focused their attacks on government officials, military targets, utilities, financial institutions, manufacturing companies, and defence contractors, according to the report.
The malware, once installed, could do things like remotely take photos with front or back camera and silently activate the phone’s microphone to record conservations, researchers said.