Cybercriminals attack Dalai Lama's office with WhatsApp link

Citizen Lab has uncovered a new targeted cybercrime campaign aimed at owners of iOS and Android devices.

The hacker group, dubbed Poison Carp by the researchers, sent malicious links to victims over the WhatsApp messenger. Once a victim clicked the link, spyware was silently downloaded to the device through vulnerabilities in the browser.

The malicious messages were sent from November 2018 to May 2019. The group's victims were high-ranking officials in Tibetan communities, including the private office of the Buddhist leader, the Dalai Lama. The attackers wrote to each victim individually on WhatsApp, posing as employees of non-governmental organizations, journalists and other fictitious persons. They would first engage the victim in conversation and then send a malicious link.

Spyware was installed on Android devices using eight known browser vulnerabilities, and on iPhone using one. At least four exploits were pulled from GitHub.

The malware is previously unknown spyware named MOONSHINE. It gives attackers full control over the device and allows them to extract data (text messages, call logs, contacts and location data), access the microphone and camera, extract data from Viber, Telegram, Gmail, Twitter and WhatsApp, and install additional malicious plugins.

Operation Poison Carp overlaps with two campaigns against Uyghur users in China. Given the similarities between the three campaigns, the researchers concluded that the Chinese government was behind them.
 