
"The threat researchers say the campaign may be linked to a Hamas-aligned cyberespionage group called Arid Viper (aka APT-C-23, Desert Falcons, or Two-tailed Scorpion) that has been active since at least 2013. This crew typically targets Israelis using surveillance malware for Android, iOS, and Windows systems."
"This new campaign used SMS messages impersonating the official "Oref Alert" rocket warning service, distributed from spoofed sender IDs, and urged recipients to install an updated version of the emergency-alert app. The messages included a bit.ly shortened link - but instead of taking users to a legitimate Red Alert update, it redirected them to download spyware that collects and steals their information."
"The malware's developers used spoofed certificates and the app also spoofed the installer source, making the software appear to have been installed from Google Play. This allowed it to bypass Android security checks and appear to have been legitimately signed."
Security researchers discovered a malicious campaign targeting Israeli citizens through SMS messages impersonating the official Oref Alert rocket warning service. The messages, sent from spoofed sender IDs, carried bit.ly shortened links that redirected users to a trojanized app, a fake version of the Red Alert emergency-alert application, which installed spyware instead of a legitimate update. The malware uses spoofed certificates and a spoofed installer source so that it appears to be legitimately signed and installed from Google Play, bypassing Android security checks. Researchers say the campaign may be linked to Arid Viper, a Hamas-aligned cyberespionage group active since at least 2013 that typically targets Israelis with surveillance malware for Android, iOS, and Windows systems. The malware requests 20 permissions, with six providing particularly concerning real-time access to user data.
Read at Theregister