Kaspersky researchers explain how Israeli soldiers had their actions spied on after installing a malicious mobile app on their Android smartphones. Cyber espionage using the same means had already targeted the Ukrainian army at the end of 2016.
(update) More than a hundred Israeli soldiers, most of them stationed around the Gaza Strip, fell victim to a cyber espionage attack last July that used malicious Android apps to spy on them and collect information. The campaign of attacks continues to this day, according to researchers from antivirus software maker Kaspersky Lab who cooperated with the Israeli army’s computer security department.
The hackers lured the soldiers through Facebook Messenger and other social networks. The soldiers installed an Android app that scanned their phone and then installed a second malicious app posing as an update for one of the apps already installed. For example, Kaspersky researchers spotted “WhatsApp_Update”. Once installed on the phone, this second app allowed the hackers to execute commands on demand or on a schedule: read text messages, access the contact list, take photos and screenshots, spy at specific times of the day, and record video and audio sequences.
Researchers believe this is a targeted attack on the Israeli army aimed at exfiltrating data on the position of its troops and collecting real-time data on its tactics and the equipment it uses. For them, it is a telling example of how malware can be used to spy during a conflict. A similar attack, also using Android malware, recently infected the mobile phones of Ukrainian artillery soldiers in the Donbass region.