The researchers from The Electronic Frontier Foundation (EFF) and mobile security company Lookout worked together and unearthed a new malware dubbed as R20;Dark Caracal,” which is basically an espionage campaign infecting thousands of people in more than 20 countries.
This new malware has stolen nearly hundreds of gigabytes of data till now, which is primarily stolen through mobile devices compromised by fake secure messaging clients.
“People in the US, Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos,” EFF Director of Cybersecurity Eva Galperin said in a press statement.
According to the report, the hackers used sophisticated phishing techniques to steal text messages, call records, audio recordings, photos, and other data from their victims. They send a fake trustworthy or known sources with a malicious link and trick the users into sharing confidential information with them.
“One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said Electronic Frontier Foundation technologist Cooper Quintin in a statement.
The security researchers have pointed out that Dark Caracal has been operating since 2012, but it is hard to track because there has been a number of espionage campaigns originating from the same domain names.
To avoid being a victim of any kind of espionage one should not click on any unrelated links, and secondly should download apps from trusted sources only, not from the third party.