Left Menu
Development News Edition

ESET discovers new operation within cyber-espionage campaign in Middle East

Instrumental in the operation is an Android app, Welcome Chat, which serves as spyware while also delivering the promised chatting functionality.

Devdiscourse News Desk | Updated: 15-07-2020 08:20 IST | Created: 15-07-2020 08:20 IST
ESET discovers new operation within cyber-espionage campaign in Middle East
ESET researchers tried to establish whether Welcome Chat is an attacker-trojanized version of a clean app or a malicious app developed from scratch. Image Credit: Pexels

ESET researchers have discovered a new operation within a long-running cyber-espionage campaign in the Middle East, apparently with links to the threat actor group known as Gaza Hackers or Molerats.

Instrumental in the operation is an Android app, Welcome Chat, which serves as spyware while also delivering the promised chatting functionality. The malicious website promoting and distributing the app claims to offer a secure chat platform that is available on the Google Play store. Both those claims are false; the claim of being "secure" couldn't be further from the truth, according to ESET researchers.

"In addition to Welcome Chat being an espionage tool, its operators left the data harvested from their victims freely available on the internet. And the app was never available on the official Android app store," says Lukáš Štefanko, the ESET researcher who conducted the analysis of Welcome Chat.

The Welcome Chat app behaves like any chat app downloaded from outside Google Play: it needs the setting "Allow installing apps from unknown sources" to be activated. After installation, it requests permission to send and view SMS messages, access files, and record audio, as well as requesting access contacts and device location. Immediately after receiving the permissions, Welcome Chat starts receiving commands from its Command and Control (C&C) server, and it uploads any harvested information. Besides chat messages, the app steals information such as sent and received SMS messages, history of calls, contact list, photos, phone call recordings and GPS location of the device.

"Unfortunately for the victims, the Welcome Chat app, including its infrastructure, was not built with security in mind. Transmitted data is not encrypted, and because of that, not only is it freely accessible to the attacker, but also to anyone on the same network," comments Štefanko.

ESET researchers tried to establish whether Welcome Chat is an attacker-trojanized version of a clean app or a malicious app developed from scratch. "We did our best to discover a clean version of this app, to make its developer aware of the vulnerability. But our best guess is that no such app exists. Naturally, we made no effort to reach out to the malicious actors behind the espionage operation," explains Štefanko.

The Welcome Chat espionage app belongs to a known Android malware family and shares infrastructure with a previously documented espionage campaign named BadPatch, which also targeted the Middle East. BadPatch has been attributed to the Gaza Hackers, aka Molerats, threat actor group. Based on this, we believe that this campaign with the new Android trojans comes from the same threat actors.

While the Welcome Chat-based espionage operation seems to be narrowly targeted, ESET strongly discourages users from installing apps from outside the official Google Play store – unless it's a trusted source, such as the website of an established security vendor or some reputable financial institution. On top of that, users should pay attention to what permissions their apps require and be suspicious of any apps that require permissions beyond their functionality – and, as a very basic security measure, users should run a reputable security app on their mobile devices.


TRENDING

OPINION / BLOG / INTERVIEW

3D printing and the future of manufacturing post COVID-19

The on-demand, customizable, and localized manufacturing of product components facilitated by 3D printing has the potential to redefine manufacturing but there are certain technical, mechanical, and legal limitations that, unless ...

How UK’s 'best prepared' healthcare system failed to gauge COVID-19

The UK is proud of their public health system and its unlike any other country as around 90 percent of British public supports the founding principles of National Health Service. But without accurate data being available to stakeholders in ...

Poor on IHR capacity progress in 2019, WHO says Cambodia tops COVID-19 response

Despite being in proximity to Hubei, the original epicenter of COVID-19 pandemic, Cambodia has reported just 226 confirmed cases and zero deaths. After seeing the data, WHO appreciated Cambodias healthcare information system but experts dou...

Loopholes in Healthcare Information System may have failed Singapore COVID-19 model

In the initial days of the COVID-19 outbreak, Singapore was in the limelight for its effective healthcare system and pandemic response plan. However, Singapore has now joined the list of the worst-hit nations and the situation is even worse...

Videos

Latest News

Pakistan pushes renewables - but coal expansion continues too

By Rina Saeed Khan ISLAMABAD, Aug 7 Thomson Reuters Foundation - Pakistan this week set in motion a plan to boost the share of its electric power that comes from renewables to 30 by 2030, up from about 4 today, government officials said.The...

Democrats offer to cut $1 tln from coronavirus plan, White House says no

Democrats in Congress said on Friday they had offered to reduce a proposed coronavirus aid package by a trillion dollars if Republicans would add a trillion to their counter-offer, but the idea was flatly rejected by Donald Trumps White Hou...

Theft of seized liquor: No lapse on part of excise, taxation commissioner, says Haryana Dy CM

A day after an SET report regarding the alleged theft of seized liquor from godowns was made public, Haryana Deputy Chief Minister Dushyant Chautala on Friday rejected the charge that there was any lapse on the part of the state excise and ...

IBBI amends regulations for corporate resolution, voluntary liquidation process

The Insolvency and Bankruptcy Board of India IBBI has amended regulations pertaining to resolution process for corporate persons as well as voluntary liquidation. The Insolvency and Bankruptcy Code IBC envisages appointment of an authorised...

Give Feedback