Facebook found that two Palestinian hacking groups are conducting cyberespionage operations that trick people into installing malicious software, reports ZDNet.
According to the social media giant’s report, one group known as Arid Viper is connected to the Hamas party’s cyber arm, while the other is associated with the Fatah party’s Palestinian Preventive Security Service. Both groups use compromised and fake social media accounts posing as Fatah or Hamas supporters, young women, journalists and various military groups.
Arid Viper uses custom surveillanceware called Phenakite, which can steal sensitive user data from iPhones and can also direct victims to phishing pages to steal their Facebook or iCloud credentials. The Preventive Security Service (PSS), on the other hand, uses social engineering to get users to install Microsoft and Android malware, Facebook stated. Once installed, the PSS malware collects the user’s information, including call logs, location, text messages, contacts and device metadata, and in some instances has keylogger functionality.
Facebook released a list of indicators that would alert users to such activity. These include 179 domains, two iOS malware hashes, 10 Android malware hashes and eight desktop malware hashes.