ltechnologygroup.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
Yesterday, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer those questions and dive further into the Dark Caracal report.
First, the good news: Dark Caracal does not mean that Signal or WhatsApp themselves are compromised in any way. It only means that attackers found new, insidious ways to create and distribute fake Android versions of them. (iOS is not affected.) If you downloaded your apps from Google’s official app store, Google Play, then you are almost certainly in the clear. The threat uncovered in the Dark Caracal report referred to “trojanized” apps, which are fake apps that pretend to look like real, trusted ones. These malicious spoofs often ask for excessive permissions and carry malware. Such spoofed versions of Signal and WhatsApp were involved in the Dark Caracal campaign.
The malicious actors behind Dark Caracal got these fake, malicious apps onto people’s phones by spearphishing. Several types of phishing emails directed people—including military personnel, activists, journalists, and lawyers—to go to a fake app store-like page, where fake Android apps waited. There is even evidence that, in some cases, Dark Caracal used physical access to people’s phones to install the fake apps. Again, if you downloaded your apps from the official app store, you can rest easy that this has likely not affected you.
And now the bad news: Dark Caracal has wide-reaching implications for how state-sponsored surveillance and malware works. Most people do not have to worry about this very specific threat. But for the small minority of users who may be directly targeted by nation-states or other skilled, motivated adversaries—and for the malware researchers who try to track those adversaries down—the Dark Caracal report uncovers a new infrastructure that makes it even harder to attribute attacks and malware campaigns to a particular nation or actor. More details are available in the report.
Dark Caracal is also a reminder that most modern hacking requires the unwitting participation of the user. The most dangerous thing in the online environment is not necessarily complex, headline-grabbing vulnerabilities, but well-crafted phishing messages and fake apps that trick users into handing over log-in credentials and granting excessive permissions. Keep an eye out for links, attachments, and apps pretending to be something they’re not, and make sure your friends, neighbors, and others in your community are informed too.
At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.
Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group, https://www.ltechnologygroup.com.