U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hamas cyber-operatives lure Israeli soldiers to spyware hidden in tainted apps

Israeli military intelligence accused Hamas operatives of creating tainted apps to lure soldiers into downloading spyware onto their phones. According to a report published by the Israeli military, Hamas hackers are attempting to lure Israel Defence Forces (IDF) soldiers into installing tainted apps on their devices. Israeli military already blamed Hamas of similar attacks, but this […]

GlanceLove Hamas fake app

Israeli military intelligence accused Hamas operatives of creating tainted apps to lure soldiers into downloading spyware onto their phones.

According to a report published by the Israeli military, Hamas hackers are attempting to lure Israel Defence Forces (IDF) soldiers into installing tainted apps on their devices.

Israeli military already blamed Hamas of similar attacks, but this time the hackers managed to serve the apps through the official Google Play Store to increase the likelihood of success.

The experts from the Israel firm ClearSky have identified the following apps:

  • WinkChat – com.winkchat.apk (dating app)
  • GlanceLove – com.coder.glancelove.apk (dating app)
  • Golden Cup – anew.football.cup.world.com.worldcup.apk (Wordcup app)

Hamas GlanceLove fake app

Hamas operatives created a number of fake Facebook profiles using photos of attractive women to lure IDF soldiers into private conversations, then trick them into installing one of the compromised apps.

Israeli military officials explained that Hamas operatives adopted the same tactic in a campaign launched in January-

In January, the hackers used the profile of a woman named “Elianna Amer,” in these last attacks, that lasted at least for three months, they used the profile of a woman named “Lina Kramer.”

“I got a message on Facebook that looked innocent at first, from someone named Lina Kramer, we started talking on Facebook, then we moved to Whatsapp, and then she asked me to download an app called GlanceLove,” explained a former IDF soldier.

“At this stage, my suspicion was final, and I decided to consult a friend who helped me understand that it was a fictitious profile with malicious intentions. From there I turned to the information security officer in my unit who helped me.”

According to Israeli army intelligence officers, the attacks failed to damage military security.

“No damage was done, as we stopped it in time,” one of the officers said.

Th Israeli newspaper Haaretz provided a different version of the facts, it reported that at least “hundreds” of soldiers were infected.

Hamas managed to hack into the phones of hundreds of Israeli soldiers using dating and World Cup apps and managed to gather sensitive information about the military and some of its bases around the Gaza strip.” reported Haaretz.

“The apps allowed malicious software controlled by Hamas to be planted into Android smartphones, enabling militants in the Strip to access pictures, phone numbers and email addresses of soldiers posted close to the border, and even allowed Hamas to control the phones’ cameras and microphones remotely.”

The analysis of the apps revealed they were tainted with a spyware that can take over devices and exfiltrate sensitive data.

According to the experts, threat actor behind these attacks is codenamed Arid Viper.

In 2015, security experts at Trend Micro uncovered a cyber espionage campaign, dubbed Operation Arid Viper, that targeted Israeli institutions. The Operation Arid Viper was run by Arab-speaking hackers that sought to extract sensitive documents by sending phishing emails. The phishing campaigns targeted government office, infrastructure providers, a military organization, and academic institutions in Israel and Kuwait

In the past, security experts linked Hamas operatives to another APT tracked as Gaza Cybergang (Gaza Hackers Team or Molerats).

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Hamas,  Israel)

[adrotate banner=”5″]

[adrotate banner=”13″]