Are you an Israeli Defense Force (IDF) soldier that has met an extremely attractive Western woman over social media who seems too good to be true?  

If so, you’ve probably been hacked.

Lookout and Kaspersky have released a report suggesting that a group of sophisticated hackers has been stealing sensitive data from some 100 IDF soldiers who were tricked into downloading spyware, known as ViperRAT, on their android phones.

Hacker MO
According to the reports, IDF soldiers were sent private messages via social media networks hackers pretending to be attractive women from such countries as Canada, Germany, and Switzerland. Once contact was established, the “women” asked IDF personnel to download trojanized versions of “legitimate” chat apps, such as SR Chat or YeeCall Pro, under the ruse of easier communication.

Once the dirty app is downloaded, it then scans through the compromised device and downloads another malicious app by pretending to be an update for apps that the user has already installed, such as WhatsApp.  The fake update tricks the victim into allowing the malicious app to eavesdrop on conversations, view live video footage, and to have control over the microphone and camera..

Additionally, ViperRAT provides the hacker with important data such as app download history, call logs, cell phone tower info, geolocation, internet browsing, network and device metadata, personal photos and SMS messages.

From the approximate 100 IDF soldiers whose devices have been compromised since July, the hackers have amassed nearly 9,000 stolen files and it is believed that the IDF are not the only personnel to be targeted.

Who is the Guilty Party?
At first, it was believed to be Hamas that was hacking the IDF, but researchers are beginning to second guess that hypothesis, based on the sophisticated nature of the code used.  Both Lookout and Kaspersky are working with the IDF to minimize the impact of the hacks.  That being said, is very easy to avoid becoming a target: DO NOT DOWNLOAD UNTRUSTED APPS FROM THIRD-PARTY SOURCES!

Comments are closed.