A modern and highly sophisticated malware campaign targets a Tibetan groups to exploit and install spyware , permanent tracker installed on their mobile (iPhone and Android devices). The spyware is delivered through WhatsApp message, all user need to do is a single click on the link within the WhatsApp text, researchers claimed.
According to Canadian researchers the POISON CARP employees “eight Android browser exploits and one Android spyware kit, as well as one iOS exploit chain and iOS spyware.”
It’s being labeled the most sophisticated attack on Tibetans yet, after attempts were made to steal WhatsApp and Facebook chats as well as locations with some novel techniques. Forbes reported.
The hackers, believed to be sponsored by the Chinese government, have been dubbed Poison Carp by Citizen Lab, a group of surveillance-tracking researchers at the University of Toronto. The crew lured targets to open messages by pretending to be journalists or charity workers.
The Canadian researchers found technical links between Poison Carp and the group revealed to be targeting the iPhones and Android devices of Uighurs by Google Project Zero and Volexity in August. In particular, the same iPhone malware was used in both sets of attacks, while a website used to launch malicious code at Androids was the same.
None of those vulnerabilities were new, though in one case, the attackers tried to exploit a Google Chrome bug whose patch had not yet been deployed to users. Otherwise, anyone who was running an up-to-date Android or iOS at the time should’ve been protected from infection. But for those who didn’t update and were successfully hacked, their WhatsApp and Facebook messages, location, contacts, call and text histories, and Gmail emails could’ve been sent back to the snoops.
Each and everyday cyber attacks are evolving and Social Engineering plays a significant role in this campaign, the threat actor engaged in active conversation to infect the targets and to install the spyware on their device.
According to Bitly stats as of September 6, 2019, 140 clicks on the iOS exploits and the exploit chain designed targeting iOS versions 11 – 11.4. The exploit chain was reported to Apple security who confirmed both the browser and privilege escalation exploits and it was patched with iOS 11.4.1 in July 2018.as per the report from gbhackers.
The malware collection application data such as location data, contacts, call history, SMS history, and the following device information.
The Android Exploit dubbed MOONSHINE, like the iOS exploit it too delivered through WhatsApp, if the targets open the links via Chrome-based Android browser, it asks users to open the link via Facebook app’s built-in Chrome-based web browser.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
