Security News > 2020 > March > Libya-based hackers using coronavirus pandemic to spread mobile surveillance malware
Kristin Del Rosso and other threat researchers with cybersecurity company Lookout have found a new kind of coronavirus cyberattack designed to spread potentially malicious Android applications that appear to be the most recent piece of tooling in a larger mobile surveillance campaign operating out of Libya and targeting Libyan individuals.
At least three new apps related to coronavirus have been created using the same infrastructure as those applications and the Lookout investigation discovered that they can be traced back to IP addresses operated by Libyan Telecom and Technology, a consumer internet service provider.
"The person or group running the campaign is likely in Libya and using their own infrastructure to run the C2, or is leveraging infrastructure they have compromised there. As the applications are also specifically aimed at Libyan users, this appears to be a regionally targeted surveillance effort," Del Rosso wrote.
"As people's fear and desire to do something about COVID-19 is dominating the news, it is also being exploited in every way by online criminals. First, Sophos noticed phishing attackers using the World Health Organization as a lure. Next, numerous malware gangs began to disguise their malicious wares as COVID-19-themed documents. Now today, we are seeing cyberattackers impersonating WHO charities, this time the COVID-19 Solidarity Response Fund," Wisniewski said.
Hackers are now pretending to be charities associated with aid groups addressing the spread of coronavirus.
News URL
Related news
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments (source)
- Chinese hackers target Linux with new WolfsBane malware (source)