
Israeli Citizens are the Primary Target of New Android Mobile Spying Campaign Using ViceLeaker Malware, says Kaspersky.

by Cyber360 News
November 11, 2019
in Malware

Kaspersky Lab researchers discovered an Android malware campaign that has been active since 2016 and is still going strong. The campaign is dubbed ViceLeaker, and researchers claim that it is the product of a group of hackers specifically targeting Middle Eastern and Israeli citizens.

The ViceLeaker campaign uses the notorious surveillance malware called Triout, and Kaspersky researchers first detected it in May 2018. Bitdefender also reported on the campaign in one of its recent blog posts, so Kaspersky is not the only firm to have detected it.

Initial analysis revealed that hackers were targeting “dozens of mobile Android devices belonging to Israeli citizens.” The spyware sensors used by Kaspersky detected attack signals from the device belonging to one of the victims along with the hash of an Android application (APK) involved in the attack.

Attribution flow of the malware (Screenshot: Kaspersky)

Researchers then tagged a sample of their own to inspect further and discovered that the APK’s inner functionality included launching a malicious payload that was already embedded in the APK’s original code.

This means it was a customized spyware program developed to extract sensitive data. The attackers used the Smali injection technique to disassemble the original application’s code and add the malicious code.

The research findings were released by Kaspersky in a private report to notify and alert citizens regarding the newly discovered campaign. The report reveals that the malware can steal call recordings, photos, videos, text messages, and location data without alerting the user.

Worse, the malware is also equipped with backdoor capabilities: it can upload, download and delete files, control the camera, record audio, initiate calls and send text messages to certain numbers.
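An app repackaged through Smali injection usually has to declare the permissions and components its added code needs, so a defender can compare a suspect build's manifest with a trusted build of the same app. The following is an added example, not code from Kaspersky or from this article: it assumes both manifests have already been decoded to text XML, the permission-to-capability mapping is this example's own assumption, and the sample manifests, package name and component names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from Android permissions to the capabilities the article lists.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "audio and call recording",
    "android.permission.CAMERA": "camera control",
    "android.permission.READ_SMS": "reading text messages",
    "android.permission.SEND_SMS": "sending text messages",
    "android.permission.CALL_PHONE": "initiating calls",
    "android.permission.ACCESS_FINE_LOCATION": "location data",
}

def summarize(manifest_xml):
    """Return (permissions, components) declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    comps = {(e.tag, e.get(ANDROID_NS + "name"))
             for tag in ("activity", "service", "receiver", "provider")
             for e in root.iter(tag)}
    return perms, comps

def repackaging_diff(reference_xml, suspect_xml):
    """List what the suspect build declares that the reference build does not."""
    ref_perms, ref_comps = summarize(reference_xml)
    sus_perms, sus_comps = summarize(suspect_xml)
    added = sus_perms - ref_perms
    return {
        "added_sensitive": {p: SENSITIVE[p] for p in sorted(added) if p in SENSITIVE},
        "added_other_permissions": sorted(added - set(SENSITIVE)),
        "added_components": sorted(sus_comps - ref_comps),
    }

# Constructed sample manifests (hypothetical package and component names).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
REFERENCE = f"""<manifest {NS} package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""
SUSPECT = f"""<manifest {NS} package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application><activity android:name=".MainActivity"/>
    <service android:name=".UpdateService"/>
    <receiver android:name=".BootReceiver"/></application>
</manifest>"""

print(repackaging_diff(REFERENCE, SUSPECT))
```

A non-empty diff is a triage signal rather than proof of tampering, since legitimate updates also add permissions and components.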

Although it is unclear who is behind the campaign, researchers used an exposed email address to track the attacker’s footsteps to Iran.

WHOIS records of C2 server exposing the attacker’s email address (Screenshot: Kaspersky)

“We are currently investigating whether this group might also be behind a large-scale web-oriented attack at the end of 2018 using code injection and exploiting SQL vulnerabilities. Even when this would not be directly related to the Android malware described in this blog post, it would be an indicator of wider capabilities and objectives of this actor,” Kaspersky said in a statement.

What’s most concerning is that malware attacks against Android users are at their peak. In the last couple of days, researchers have exposed two other campaigns targeting unsuspecting users: one involving cryptomining malware and another involving malware capable of bypassing 2FA and stealing the one-time password.

You are advised to refrain from downloading unnecessary apps from the Play Store and third-party websites. Moreover, keep your device updated and use reliable anti-virus software at all times.
