Government-Sponsored Mobile Malware Campaign Uncovered: Why You Need to Be Cautious with Mobile Downloads

mobile malware

A mobile-targeted cyber espionage campaign dubbed ‘Dark Caracal’ has been uncovered by the Electronic Frontier Foundation and security firm Lookout.

The scheme has been in operation since at least January 2012, affecting users in over 21 countries. EFF and Lookout have uncovered the actors of the scheme, stating that the campaign has been operated from a building owned by the Lebanese General Security Directorate (GDGS) in Beirut.

We take a look at the advanced persistent threat (APT) group, and explain the problems that mobile malware can spell from a personal and business perspective.

What is Dark Caracal?

The actors involved in Dark Caracal claim to have stolen intellectual property and personally identifiable information from thousands of users. Their recent hacks have targeted mainly Android users by way of social engineering on Facebook and WhatsApp. Rather than relying on zero day exploits (software weaknesses for which there are no current patches), the hackers sought to encourage targets to visit compromised websites.

Once users were on the malicious websites, they were issued fake update prompts that encouraged them to download updates to messenger apps already on their phones. When application permission was given, users found their devices infected with damaging malware.

The malware in question has been dubbed Pallas, a surveillance malware threat with the potential to steal data, take photographs, spy on applications, record video and audio files and take text message files. In addition to the Pallas malware, Dark Caracal hackers used a secretive surveillance tool named FinFisher to mine information.

How Mobile Malware Can Affect Your Career or Business

At present, many employees use their smartphones to download business data – this can leave you open to dangerous personal compromise or even blackmail if hackers gain access to valuable business information.

When looking to download something in-office on a computer, most employees will be standard-level users with limited rights and protected by all the security features of the your network.  As mobile users, however, we usually have full administrative privileges and often grant applications permission rights to the software on our phone without a second thought.

Once your information is compromised, the potential for personal loss is quite high. The most prudent course of action to avoid mobile malware threats is to only use reputable sources, such as the Google Play Store, to download applications.

From a business perspective, the potential for loss is even greater.  If you’re looking to secure your employee’s BYOD (Bring Your Own Device) programme then talk to Computer One about how you can have the best of both worlds – device independence and information security.  Our Managed IT service will ensure your BYOD programme is very secure.