Jul 12, 2020 | Updated: 11:00 AM EDT

Spy Android Malware That Hit Mobile Phones of Israeli Forces Can Eavesdrop, Access Contacts List, Name It

Feb 21, 2017 04:41 AM EST


The spy Android malware that has infected mobile phones of some 100 members of Israel Defense Forces (IDF) can do a lot of eavesdropping functions that would expose and compromise every victimized soldier's whereabouts to a well-informed enemy. The malware once it enters into the phone's system can access contacts list, read text messages, take photos and screenshots, record video and audio and send files at the command of an enemy remotely accessing the phone.

In cooperation with the IDF Information Security Department, the Kaspersky Lab researchers have diagnosed the malware as intended for Android phones. The intensive probe came in the wake of a cyber espionage attack to some 100 IDF Forces by Hamas militants. The cyber espionage attack accordingly started last July and is still continuing to present.

The modus operandi that victimized the IDF Forces involved first their luring by pretty women from Canada, Germany, and Switzerland. They tempted and tricked Israel soldiers to click an update button of an already installed application in the phone purportedly to connect themselves closely with the women. Once installed by clicking, the opening button would then scan the phone and download the malicious app.

So far the Kaspersky researchers have seen a "WhatsApp Update". By putting the GPS and location functions of the phone under control, hacker-enemies can well analyze the spread, tactics, and location of their targets. If the phone camera is accessed or phone conversations are listened to, enemy soldiers can well manage to know the armaments and equipment used by their targets.

Cyberespionage attack to soldiers on actual warfare happened already in the case of the Ukranian artillery personnel during the conflict in Donbas region from 2012 to 2014. The spy malware was identified to have been created by the Russian APT28 cyber espionage group. It was a Trojan application that processes targeting data for the Soviet-made D-30 howitzer.

Analysts said that the "Ukranian malware" was the reason that the Ukranian artillery force involved in the Donbas conflict lost 80 percent of their D-30 howitzers. Probers are still investigating cyber trails of attackers including the possibility of involvement of this Russian cyber espionage group or Hamas militants.

Last month, the Israel Army uncovered the scam of Hamas militants on using the same women trick to hack their soldiers' phones and spy on them. The Army said though that there were only "dozens" usually low-ranking soldiers who fell victims of the scam and that Hamas was not really able to uncover major secrets. From "dozens", the fresh report from IDF has talked about "some 100 soldiers."

Real Time Analytics