Lookout and the Electronic Frontier Foundation are telling us that the Lebanese General Security Directorate in Beirut is very possibly behind an Android and Windows malware known as Dark Caracal. It looks as though this malware has been in the wild for six years and is aimed at capturing files, call logs, and the body of text messages. It seems to have been primarily focused on stealing this information from "military personnel, enterprises, medical professionals, activists, journalists, lawyers, and educational institutions." Most of the malware has been traced back to a watering-hole server and phishing domains related to Twitter and Facebook. Fake WhatsApp and Signal apps have also been identified. This is a good read if you are into this kind of thing (PDF). So all in all, if you have this malware, it is your own damn fault.
Dark Caracal has successfully run numerous campaigns in parallel and we know that the data we have observed is only a small fraction of the total activity. We have identified hundreds of gigabytes of data exfiltrated from thousands of victims, spanning 21+ countries in North America, Europe, the Middle East, and Asia. Dark Caracal follows the typical attack chain for cyber-espionage. They rely primarily on social media, phishing, and in some cases physical access to compromise target systems, devices, and accounts.