More than 100 soldiers from the Israel Defense Forces (IDF) were targeted by a cyberespionage group that stole information from their mobile devices using malicious Android applications.
ViperRAT, the clandestine hacking collective, was found actively hijacking soldiers’ Android-based smartphones to remotely siphon images and audio directly from the devices.
Highly sophisticated malware allowed the attackers to control each phone’s microphone and camera. In effect, the hackers could eavesdrop on soldiers’ conversations and peer into live camera footage — wherever an affected smartphone’s camera would be pointed, that vantage point could have also been viewable to the hackers.
The dropper also sends out a list of the apps installed on the infected mobile device. Depending on what’s already installed on the device, some variants will pretend to be chat apps, while another variant will pretend to be a YouTube player.
Other Android smartphone applications common to Israeli citizens and available in the Google Play store — including a billiards game, an Israeli Love Songs player, and a Move To iOS app — were found to contain hidden ViperRAT malware.
While the malicious actors behind ViperRAT have yet to be explicitly identified, their activity patterns suggest that the cyberespionage is being carried out by a group operating out of the Middle East.