The Syrian regime spies on the Syrians through Corona applications

Lookout, a US-based cyber security company, discovered that the Syrian regime launched a hacking campaign against Syrian citizens and smartphone users, distributing spyware in the form of an application called Corona Virus.

According to the company, hackers associated with the Syrian regime used 71 new malicious applications on Android devices last month to take advantage of the Corona virus pandemic. These apps allow the regime to determine the user's geographic location and to access messages, photos, video, audio and contacts.

Although some malware samples were developed in March, the activity is part of a spying campaign that started at least as early as January 2018. It appears to target Arabic-speaking Syrians and those who could criticize the Syrian government.

"If your device is infected and someone is looking at you because you are a dissident, a rebel, or a journalist, then now you will know who is talking, where it is going, who it is," Kristin Del Rosso, a Lookout security research engineer who reverse engineers Android applications, told CyberScoop.

Del Rosso pointed out that the campaign was part of a long-term intelligence operation carried out by the Syrian government against the Syrian people, adding: "This ongoing campaign uses various nicknames and links to everything like major events. Do new things that they can use to infect malware."

One application used in the Syrian campaign simulates measuring the user's body temperature. It requires permission to take photos and videos and to change or delete the contents of the external memory card. However, it launches the malware AndoServer, and the application contains other functions that can run in the background without the user noticing.

The researchers say that the program can launch other applications, record audio, extract call records, text messages and contact lists, call and send text messages to specific contacts, and track the user's geographical location.

Del Rosso said that some of the spyware applications the hackers use provide no practical benefit to victims.

Lookout researchers linked this activity to the Syrian regime because the command and control server for the applications is located in the address block of the STE internet service provider Tarasul. The organization has provided infrastructure for the Syrian Electronic Army (SEA), a hacking group backed by Syria.

Most malicious applications in the Syrian surveillance campaign use custom versions of the commercial malware SpyNote, which is consistent with the past activity of the Syrian Electronic Army (SEA). Evidence shows that users received the applications containing malware from unofficial sources, because they are not available in the Google Play store.
