A state-sponsored group of hackers spied on the Israeli military by hacking into the Android phones of individual soldiers to monitor their activities and steal their personal data.
ViperRAT is malware developed specifically to hijack and spy on Israeli soldiers' Android smartphones and remotely access their data directly, including photos and audio recordings.
How did they do it?
According to the security researchers, IDF soldiers were compromised through social engineering. Soldiers were contacted via Facebook Messenger and other social networking platforms by hackers posing as attractive women from various countries such as Canada, Germany, and Switzerland, and were tricked into installing a trojanized version of one of two different Android chat apps, such as SR Chat and YeeCall Pro.
The malicious program scanned the soldier's phone and downloaded a second malicious application that posed as an update to an already installed app, such as WhatsApp, tricking users into granting various permissions for accessing their data.
At that point everything is in the attackers' hands. The attackers execute code that gives them access to the microphone, camera, conversations and live footage. ViperRAT also collects other data from compromised devices, such as geolocation, messages, photos, cell phone tower information, device metadata, browsing history and app download history, and can even get root access.
What is root access?
Root access means obtaining administrative (superuser) permissions. Rooting thus gives permission to alter system applications and settings, run specialized applications (“apps”) that require administrator-level permissions, or perform other operations that are otherwise inaccessible to a normal Android user.
According to the researchers, the attackers succeeded in establishing a widespread cyber attack campaign, compromising mobile devices belonging to over 100 Israeli soldiers. The researchers' analysis identified almost 10,000 files stolen from compromised devices.
Is Hamas behind the attack?
The IDF, working with Kaspersky to investigate the incident, stated that Hamas could be behind these attacks. But after researching in more depth, they found that Hamas is not behind the attack, as it is not known for the sophisticated mobile malware capabilities used in the attack.
According to Lookout researchers, “Based on tradecraft, the modular structure of code and use of cryptographic protocols [AES and RSA encryption] the actor appears to be quite sophisticated.”
How to stay safe?
Never download apps from untrusted third-party sources and never disclose your information to any unknown person over chats.
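The pattern described above (a sideloaded app that poses as an update to WhatsApp and asks for microphone, camera, location and message access) can be checked for in a device's app inventory. The following is an added example, not code from the researchers: the inventory format, the function names, the three-permission threshold and every package name other than com.whatsapp and com.android.vending are assumptions, and the sample data is constructed.

```python
# Added example: audit an app inventory for sideloaded look-alike apps.
# Record format and thresholds are assumptions; sample data is constructed.
TRUSTED_INSTALLERS = {"com.android.vending"}   # Google Play Store
KNOWN_APPS = {"whatsapp": "com.whatsapp"}      # brand keyword -> genuine package
SPY_PERMISSIONS = {
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
}

def audit_app(app):
    """Return the list of findings for one app record (a dict)."""
    findings = []
    if app.get("installer") not in TRUSTED_INSTALLERS:
        findings.append("sideloaded")
    label = app["label"].lower()
    for brand, genuine_pkg in KNOWN_APPS.items():
        # A label that names a known app under a different package is a look-alike.
        if brand in label and app["package"] != genuine_pkg:
            findings.append("impersonates " + brand)
    risky = SPY_PERMISSIONS & set(app.get("permissions", []))
    if len(risky) >= 3:  # assumed threshold for a surveillance-style permission set
        names = sorted(p.rsplit(".", 1)[1] for p in risky)
        findings.append("surveillance permissions: " + ", ".join(names))
    return findings

def audit_inventory(apps):
    """Report apps that are sideloaded and have at least one further finding."""
    report = {}
    for app in apps:
        findings = audit_app(app)
        if "sideloaded" in findings and len(findings) > 1:
            report[app["package"]] = findings
    return report

SAMPLE_INVENTORY = [  # constructed records
    {"package": "com.whatsapp", "label": "WhatsApp", "installer": "com.android.vending",
     "permissions": sorted(SPY_PERMISSIONS)},
    {"package": "com.example.chat", "label": "Example Chat", "installer": None,
     "permissions": ["android.permission.CAMERA"]},
    {"package": "com.example.updater", "label": "WhatsApp Update", "installer": None,
     "permissions": ["android.permission.RECORD_AUDIO", "android.permission.CAMERA",
                     "android.permission.ACCESS_FINE_LOCATION", "android.permission.READ_SMS"]},
]

if __name__ == "__main__":
    for package, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(package, "->", "; ".join(findings))
```
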