Social engineers have been hired to spy on the photos and audio recordings stored on infected mobile phones belonging to the Israeli military. The information has been collected through malware named ViperRAT. According to security agencies, the Android phones were attacked, potentially to take audio, video and photo records.
The attacker has not yet been identified:
The attacker group has not yet been identified. ViperRAT collects information only from the infected devices. The attacker is more interested in video and images and seems less interested in SMS messages, contact books or location.
ViperRAT is being tracked by cybersecurity researchers at Lookout and Kaspersky Lab. ViperRAT is at an early stage and can penetrate only Android devices. So far, almost 100 Israeli servicemen have been attacked and almost 9,000 files have been stolen from their devices. The attacked devices include Samsung, HTC, LG, and Huawei models, and the IDF is likely not the only target.
Michael Flossman, security research services lead EMEA at Lookout, said, “Not only IDF personnel have been attacked, but an indication is that several other groups are also targeted.”
How ViperRAT infiltrates the system:
The attackers are social engineers. To penetrate the Android smartphones of IDF users, the hacker poses as a young woman on social media or through Facebook Messenger. Once the hacker has entered the system, the victim is directed to install another application "for easier communication" through an infected URL sent directly to them. ViperRAT is also delivered through Israeli song players and billiard games. The additional URLs that are sent lead to applications that need various permissions, which allow the hacker to enter the system and access many files, for example in an update of WhatsApp. The attacker asks for various permissions, which automatically give access to the audio, video and contact files.
Using the WebSocket protocol, ViperRAT can gather information about the device, send and receive messages, browse the web, spy on conversations and, most importantly, take photos at any time. The attacker can also command it to search for and steal PDF and Office documents. The activity patterns identified for the malicious actors behind ViperRAT suggest cyber espionage.
Flossman says they operate between Sunday and Thursday, the work week that’s followed by several Middle Eastern countries. The only way to avoid ViperRAT is not to download the recommended files.