Security News > 2020 > April > Syrian Hackers Target Mobile Users With COVID-19 Lures
Syrian-linked hackers recently switched to COVID-19-themed lures as part of a long-running surveillance campaign, Lookout security researchers reveal.
Supposedly active since January 2018, the campaign targets Arabic-speaking users with tens of Android applications, none of which is available in the official Google Play Store.
Likely targeting users in Syria and surrounding regions, the malicious apps have names such as "Covid19", "Telegram Covid 19", "Android Telegram", and "Threema Arabic," among others.
"SilverHawk actors initially entered the mobile malware space using the commercial Android surveillance-ware AndroRat, before customizing it and then developing their own mobile tooling. It is in line with known TTPs that a new commercial or public spy tool might have been adopted and used by this actor as part of new surveillance efforts, and there are likely more to be discovered," Lookout concludes.
Last month, Lookout reported on a surveillance campaign targeting Android users in Libya with COVID-19-themed lures.