Libya-based hackers using coronavirus pandemic to spread mobile surveillance malware (Security News, March 2020)
Kristin Del Rosso and other threat researchers with cybersecurity company Lookout have found a new kind of coronavirus-themed cyberattack designed to spread potentially malicious Android applications. The apps appear to be the most recent piece of tooling in a larger mobile surveillance campaign operating out of Libya and targeting Libyan individuals.
At least three new apps related to coronavirus have been created using the same infrastructure as those applications, and the Lookout investigation discovered that they can be traced back to IP addresses operated by Libyan Telecom and Technology, a consumer internet service provider.
"The person or group running the campaign is likely in Libya and using their own infrastructure to run the C2, or is leveraging infrastructure they have compromised there. As the applications are also specifically aimed at Libyan users, this appears to be a regionally targeted surveillance effort," Del Rosso wrote.
"As people's fear and desire to do something about COVID-19 is dominating the news, it is also being exploited in every way by online criminals. First, Sophos noticed phishing attackers using the World Health Organization as a lure. Next, numerous malware gangs began to disguise their malicious wares as COVID-19-themed documents. Now today, we are seeing cyberattackers impersonating WHO charities, this time the COVID-19 Solidarity Response Fund," Wisniewski said.
Hackers are now pretending to be charities associated with aid groups addressing the spread of coronavirus.