Hamas Cyber-efforts Use Fake Dating Applications to Target Israeli Soldiers

Hamas: Members of Hamas have created fake dating applications to target members of the Israel Defense Force (IDF). Researchers at Check Point have found at least three dating applications that were being used by the threat actors. GrizyApp, ZatuApp, and Catch&See were the three fake applications that soldiers were encouraged to download after receiving private messages on Facebook, Twitter, and WhatsApp. After victims installed any of the applications, an error message would display stating that the application was not supported and would be deleted. This would cause the victim to believe that the installation had failed, but in reality the malware was up and running in the background. The malware would register as a device administrator and request permission to access the camera, calendar, location, SMS data, contact list, and browser history. The malware could also extend its code by downloading and executing remote .dex files. Once a .dex file is executed, it automatically receives the permissions of the parent application. The malware essentially had the ability to access anything on the device, including sensitive military information that may be stored by the user or visible to the camera.

Analyst Notes

The level of social engineering sophistication and manpower needed for this attack is greater than in attacks seen in the past. Because an actual person needed to contact each of the soldiers individually via social media and persuade them to download the application, the attackers had full control over when the malware would be downloaded. This also enabled the attackers to convince members of the IDF that the application was legitimate more effectively than an automated message sent out to a massive group of people. The Mobile Remote Access Trojans used in this attack compromised the devices of the soldiers and gave the attacker access to device content without the victim knowing. Hamas has had Israel on its radar for some time, constantly making it the victim of attacks to steal sensitive information. Because military members were targeted, it is likely the attack was aimed at stealing military secrets. Dating applications are flooded with fake accounts, and users must use caution when using them. Installing any app downloaded from a website is potentially dangerous. Mobile apps that request device administrator or accessibility permissions should be treated with extreme caution, since these permissions can give an attacker control over the device and access to all information in other apps. More information can be found here: https://www.forbes.com/sites/zakdoffman/2020/02/16/terrorist-android-malware-exposed-here-are-the-hamas-apps-that-targeted-israeli-soldiers/#7106bfa623ae
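As an added triage example (not code from Check Point or from this article's author), the sketch below reads a decoded AndroidManifest.xml and reports the two things the notes above single out: requests for the data types listed in the article, and components bound as a device administrator or accessibility service. It assumes the manifest has already been decoded to text XML (for example with apktool); the function name, permission mapping and sample manifest are constructed for illustration, and a manifest check cannot reveal .dex files loaded at runtime.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Permissions covering the data types the article says the malware requested.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_SMS": "SMS data",
    "android.permission.READ_CONTACTS": "contact list",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browser history",
}
# Component bindings that grant control over the device or over other apps.
PRIVILEGED_BINDINGS = {
    "android.permission.BIND_DEVICE_ADMIN": "device administrator",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
}

def triage_manifest(xml_text):
    """Return (data categories requested, privileged components declared)."""
    root = ET.fromstring(xml_text)
    data = sorted({SENSITIVE[p.get(ANDROID + "name")]
                   for p in root.iter("uses-permission")
                   if p.get(ANDROID + "name") in SENSITIVE})
    privileged = []
    for comp in list(root.iter("receiver")) + list(root.iter("service")):
        binding = comp.get(ANDROID + "permission")
        if binding in PRIVILEGED_BINDINGS:
            privileged.append((PRIVILEGED_BINDINGS[binding], comp.get(ANDROID + "name")))
    return data, privileged

# Constructed sample manifest (hypothetical package, not from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```

A hit on either list is a reason to review the app before it reaches a managed device, not proof of malice, since legitimate apps also request these permissions.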