The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign that has targeted activists, journalists, lawyers, military personnel, and enterprises in more than 20 countries in North America, Europe, the Middle East, and Asia. They have dubbed the threat Dark Caracal, and have traced its activities to as far back as 2012.
The attackers went after information stored on targets’ Android devices and Windows PCs: SMS messages, call records, contacts, account information, WhatsApp, Telegram and Skype databases, files, legal and corporate documentation, photos, audio recordings, iPhone backups, and so on.
The malware used to exfiltrate data from Android devices has been dubbed “Pallas” by the researchers, and comes in the form of trojanized messaging apps (Signal, WhatsApp, Threema, Primo, Plus Messanger), security/privacy apps (Psiphon VPN, Orbot: TOR Proxy), or other apps (Adobe Flash, Google Play Push).
Read more about the Dark Caracal threat, which researchers believe is being administered out of the headquarters of the General Directorate of General Security (GDGS) in Beirut, Lebanon, on Help Net Security.