Syrian Malware Is On The Rise, Warns Kaspersky

The number of cyber attacks against Internet users in Syria is growing, with organised groups relying on increasingly sophisticated strains of malware to target media agencies, activists and dissidents, warns Russian security vendor Kaspersky Lab.

According to a report by Kaspersky’s Global Research & Analysis Team (GReAT), groups from both sides of the civil war are using advanced social engineering techniques, modifying legitimate apps and obfuscating their code in order to infect target machines with Remote Access Tools (RATs) such as ‘Dark Comet’.

The company says people should be extra careful when they access online material that relates to the conflict.

Way back in 2012, F-Secure reported that the Syrian government had used social engineering and RATs to infect activist systems with surveillance tools.

Information warfare

While conducting the study, GReAT discovered 110 different malicious files used in attacks against targets in Syria and the region – a “dramatic” increase over the last year. The team believes that the number of victims exceeds 10,000, with some of these files being downloaded more than 2,000 times.

RATs can give the attacker complete control over the target system – they can log every keystroke, activate the microphone and webcam, steal any type of data and launch additional malicious apps. Such tools are being distributed in Syria through a variety of methods.

For example, GReAT found a RAT which is launched when users try to access the ‘National Security Program’, a fake application that allegedly holds the names of all the people wanted by the Syrian state. A link to another heavily obfuscated malware package was hiding in a description for a YouTube video showing disturbing images of the conflict.

Another method of getting a system compromised is through ‘Ammazon Internet Security’ (sic), a completely fake security application that seems to be modelled on Windows Defender, and leaves the victims’ computers with no protection and a RAT installed.

Malware can also piggyback on top of legitimate applications – for example, GReAT discovered an infected version of Total Network Monitor software, which is often used by activists to secure their communications and escape surveillance, and thus presents the perfect targeting mechanism. Repackaged apps for Smart Firewall, SSH VPN, and encrypted social networks WhatsApp and Viber have also been spotted carrying malware.

Most of the attackers’ command and control centres were tracked to IP addresses in Syria, Russia, Lebanon, the US and Brazil.

“A combination of factors – social engineering, rapid app development and remote administration tools for taking over the victim’s entire system – creates a worrying scenario for unsuspecting users,” said Ghareeb Saad, senior security researcher at GReAT, Kaspersky Lab.

“We expect attacks by Syrian malware to continue and evolve both in quality and quantity. Therefore, users should be especially careful of suspicious links, double-check their downloads and have a reliable and comprehensive security solution installed.”

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.
