Syrian Malware Is On The Rise, Warns Kaspersky

The number of cyber attacks against Internet users in Syria is growing, with organised groups relying on increasingly sophisticated strains of malware to target media agencies, activists and dissidents, warns Russian security vendor Kaspersky Lab.

According to a report by Kaspersky’s Global Research & Analysis Team (GReAT), groups from both sides of the civil war are using advanced social engineering techniques, modifying legitimate apps and obfuscating their code in order to infect target machines with Remote Access Tools (RATs) such as ‘Dark Comet’.

The company says people should be extra careful when they access online material that relates to the conflict.

Way back in 2012, F-Secure reported that the Syrian government had used social engineering and RATs to infect activist systems with surveillance tools.

Information warfare

While conducting the study, GReAT discovered 110 different malicious files used in attacks against targets in Syria and the region – a “dramatic” increase over the last year. The team believes that the number of victims exceeds 10,000, with some of these files being downloaded more than 2000 times.

RATs can give the attacker complete control over the target system – they can log every keystroke, activate the microphone and webcam, steal any type of data and launch additional malicious apps. Such tools are being distributed in Syria through a variety of methods.

For example, GReAT found a RAT which is launched when users try to access the ‘National Security Program’, a fake application that allegedly holds the names of all the people wanted by the Syrian state. A link to another heavily obfuscated malware package was hiding in a description for a YouTube video showing disturbing images of the conflict.

Another method of getting a system compromised is through ‘Ammazon Internet Security’ (sic), a completely fake security application that seems to be modelled on Windows Defender, and leaves the victims’ computers with no protection and a RAT installed.

Malware can also piggyback on top of legitimate applications – for example, GReAT discovered an infected version of Total Network Monitor software, which is often used by activists to secure their communications and escape surveillance, and thus presents the perfect targeting mechanism. Repackaged apps for Smart Firewall, SSH VPN, and encrypted social networks WhatsApp and Viber have also been spotted carrying malware.

Most of the attackers’ command and control centres were tracked to IP addresses in Syria, Russia, Lebanon, the US and Brazil.

“A combination of factors – social engineering, rapid app development and remote administration tools for taking over the victim’s entire system – creates a worrying scenario for unsuspecting users,” said Ghareeb Saad, senior security researcher at GReAT, Kaspersky Lab.

“We expect attacks by Syrian malware to continue and evolve both in quality and quantity. Therefore, users should be especially careful of suspicious links, double-check their downloads and have a reliable and comprehensive security solution installed.”

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.
