
ESET discovers new operation within cyber-espionage campaign in Middle East

Instrumental in the operation is an Android app, Welcome Chat, which serves as spyware while also delivering the promised chatting functionality.

Devdiscourse News Desk | Updated: 15-07-2020 08:20 IST | Created: 15-07-2020 08:20 IST

ESET researchers have discovered a new operation within a long-running cyber-espionage campaign in the Middle East, apparently with links to the threat actor group known as Gaza Hackers or Molerats.

Instrumental in the operation is an Android app, Welcome Chat, which serves as spyware while also delivering the promised chatting functionality. The malicious website promoting and distributing the app claims to offer a secure chat platform that is available on the Google Play store. Both those claims are false; the claim of being "secure" couldn't be further from the truth, according to ESET researchers.

"In addition to Welcome Chat being an espionage tool, its operators left the data harvested from their victims freely available on the internet. And the app was never available on the official Android app store," says Lukáš Štefanko, the ESET researcher who conducted the analysis of Welcome Chat.

The Welcome Chat app behaves like any chat app downloaded from outside Google Play: it needs the setting "Allow installing apps from unknown sources" to be activated. After installation, it requests permission to send and view SMS messages, access files, and record audio, as well as access to contacts and device location. Immediately after receiving the permissions, Welcome Chat starts receiving commands from its Command and Control (C&C) server, and it uploads any harvested information. Besides chat messages, the app steals information such as sent and received SMS messages, call history, the contact list, photos, phone call recordings and the GPS location of the device.

"Unfortunately for the victims, the Welcome Chat app, including its infrastructure, was not built with security in mind. Transmitted data is not encrypted, and because of that, not only is it freely accessible to the attacker, but also to anyone on the same network," comments Štefanko.

ESET researchers tried to establish whether Welcome Chat is an attacker-trojanized version of a clean app or a malicious app developed from scratch. "We did our best to discover a clean version of this app, to make its developer aware of the vulnerability. But our best guess is that no such app exists. Naturally, we made no effort to reach out to the malicious actors behind the espionage operation," explains Štefanko.

The Welcome Chat espionage app belongs to a known Android malware family and shares infrastructure with a previously documented espionage campaign named BadPatch, which also targeted the Middle East. BadPatch has been attributed to the Gaza Hackers, aka Molerats, threat actor group. Based on this, we believe that this campaign with the new Android trojans comes from the same threat actors.

While the Welcome Chat-based espionage operation seems to be narrowly targeted, ESET strongly discourages users from installing apps from outside the official Google Play store – unless it's a trusted source, such as the website of an established security vendor or some reputable financial institution. On top of that, users should pay attention to what permissions their apps require and be suspicious of any apps that require permissions beyond their functionality – and, as a very basic security measure, users should run a reputable security app on their mobile devices.
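
The permission check recommended above can be automated for apps under review. The following is an added example, not code from ESET or the original article: it reads a decoded AndroidManifest.xml and reports the sensitive permission groups named in the article that the app requests beyond its stated functionality. The mapping from those groups to Android permission names, the sample manifest and the function names are assumptions of this example, and the manifest is assumed to be already decoded from the APK's binary XML into text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups named in the article, mapped to Android permission
# strings. The mapping is this example's assumption, not ESET's list.
SENSITIVE = {
    "sms": {"android.permission.SEND_SMS", "android.permission.READ_SMS",
            "android.permission.RECEIVE_SMS"},
    "files": {"android.permission.READ_EXTERNAL_STORAGE",
              "android.permission.WRITE_EXTERNAL_STORAGE"},
    "audio": {"android.permission.RECORD_AUDIO"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
}

# Constructed sample manifest (decoded XML), not taken from any real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Chat"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Collect every permission name declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, expected_groups):
    """Return {group: [permissions]} for sensitive groups the app requests
    that its stated functionality (expected_groups) does not justify."""
    requested = requested_permissions(manifest_xml)
    return {group: sorted(requested & perms)
            for group, perms in SENSITIVE.items()
            if requested & perms and group not in expected_groups}

if __name__ == "__main__":
    # Assumption: a chat app plausibly needs contacts and audio only.
    for group, perms in audit(SAMPLE_MANIFEST, {"contacts", "audio"}).items():
        print(f"unexpected {group}: {', '.join(perms)}")
```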

