Hackers in Lebanon have been able to use smartphones to spy on and steal data from Android phone users in at least 21 countries.
According to Reuters, this is the first known large-scale state hacking of phones.
Mobile security firm Lookout and digital rights group Electronic Frontier Foundation revealed that the hackers – backed by Lebanon’s General Directorate of General Security (GDGS) – have been engaging in these cyberattacks since at least 2012.
The hackers, named “Dark Caracal” by the researchers, used phishing attacks to get Android users to download fake versions of encrypted messaging apps. The malware then takes control of the smartphones, doing everything from taking photos with the front or back camera to activating the phone’s microphone to secretly record conversations.
With that in mind, hackers primarily focused on government officials, military targets, utilities, financial institutions, manufacturing companies and defense contractors. Targets were mainly in Lebanon and its surrounding region, including Syria and Saudi Arabia. However, some victims were located in five European countries: Russia, the United States, China, Vietnam and South Korea.
“Looking at the servers, who had registered it when, in conjunction with being able to identify the stolen content of victims: That gave us a pretty good indication of how long they had been operating,” said Michael Flossman, Lookout's lead security researcher.
Major General Abbas Ibrahim, director general of GDGS, has yet to see the report, but said: “General Security does not have these types of capabilities. We wish we had these capabilities.”
Luckily, researchers informed Google, the developer of the Android operating system, about the attacks in late 2017. None of the apps associated with the attack were available on the Google Play Store, but a company spokesman said that Google Play Protect, the company’s security system, has been updated to protect users from the malicious apps, as well as remove any malware from impacted phones.