More than 100 soldiers from the Israel Defense Forces (IDF) were targeted by a cyberespionage group that stole information from their mobile devices using malicious Android applications.
ViperRAT, the clandestine hacking collective, was found actively
hijacking soldiers’ Android-based smartphones to remotely siphon images
and audio directly from the devices.
Highly sophisticated malware allowed the attackers to control each
phone’s microphone and camera. In effect, the hackers could eavesdrop on
soldiers’ conversations and peer into live camera footage — wherever an
affected smartphone’s camera would be pointed, that vantage point could
have also been viewable to the hackers.
The dropper also sends out a list of the apps installed on the infected
mobile device. Depending on what's already installed on the device, some
variants will pretend to be chat apps, while another variant will pretend
to be a YouTube layer.
Other Android smartphone applications common to Israeli citizens and
available in the Google Play store — including a billiards game, an
Israeli Love Songs player, and a Move To iOS app — were found to
contain hidden ViperRAT malware.
While the malicious actors behind ViperRAT have yet to be explicitly
identified, their activity patterns suggest that the cyberespionage is
being carried out by a group operating out of the Middle East.