An Interest In:
Web News this Week
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
- April 12, 2024
- April 11, 2024
- April 10, 2024
Some of Our Sources
- Engadget
- Techcrunch
- Joshua Blankenship
- You The Designer
- Naldz Graphics
- Web Design Ledger
- Reencoded
- CSS Globe
- Stylized Web
- Web Resource Source
Help Webnuz
Referal links:
October 4, 2019 01:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/03rS8C1NHVI/egypt-used-google-play-in-spy-campaign-targeting-its-own-citizens
Egypt Used Google Play In Spy Campaign Targeting Its Own Citizens
An anonymous reader quotes a report from Ars Technica: Hackers with likely ties to Egypt's government used Google's official Play Store to distribute spyware in a campaign that targeted journalists, lawyers, and opposition politicians in that country, researchers from Check Point Technologies have found. The app, called IndexY, posed as a means for looking up details about phone numbers. It claimed to tap into a database of more than 160 million Arabic numbers. One of the permissions it required was access to a user's call history and contacts. Despite the sensitivity of that data, those permissions were understandable, given the the app's focus on phone numbers. It had about 5,000 installations before Google removed it from Play in August. Check Point doesn't know when IndexY first became available in Play. Behind the scenes, IndexY logged whether each call was incoming, outgoing, or missed as well as its date and duration. Publicly accessible files left on indexy[.]org, a domain hardcoded into the app, showed not only that the data was collected but that the developers actively analyzed and inspected that information. Analysis included the number of users per country, call-log details, and lists of calls made from one country to another. IndexY was one piece of a broad and far-ranging surveillance campaign that was first documented in March by Amnesty International. It targeted people who played adversarial roles to Egypt's government and prompted warnings from Google to some of those targeted that "government-backed attackers are trying to steal your password." Check Point found that, at the same time, Google was playing a key supporting role in the campaign. According to Lotem Finkelshtein, Check Point's threat intelligence group manager, one of the ways the attackers evaded Google vetting of the app was that the analysis and inspection of the data happened on the attacker-designated server and not on an infected phone itself. "Google couldn't see the info that was collected," he said. IndexY was one of at least three pieces of Android malware that Check Point tied to the campaign. "A different app purported to increase the volume of devices, even though it had no such capability," reports Ars Technica. "Called iLoud 200%, it collected location data as soon as it was started. In the event it stopped running, iLoud was able to restart itself. Finkelshtein said that that app was distributed on third-party sites and was installed an unknown number of times." v1.apk was another app that communicated with the domain drivebackup[.]co and appeared to be in an early testing phase.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/03rS8C1NHVI/egypt-used-google-play-in-spy-campaign-targeting-its-own-citizens
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot