
Thread: ZLAB malware - malware family used by the Dark Caracal APT in its hacking operations

  1. #1
    VOLKOV

    Researchers from the CSE ZLAB Malware Analysis Laboratory analyzed a set of samples of the Pallas malware family used by the Dark Caracal APT in its hacking operations.

    The malware researchers from ZLab analyzed a collection of samples related to a new APT tracked as Dark Caracal, which was discovered by the Electronic Frontier Foundation in collaboration with Lookout Mobile Security. Dark Caracal has been active at least since 2012, but only recently was it identified as a powerful threat actor in the cyber arena. The first analysis of the APT linked it to the Lebanese General Directorate of General Security.

    Dark Caracal is behind a number of stealthy hacking campaigns that, in the last six years, aimed to steal text messages, call logs, and files from journalists, military staff, corporations, and other targets in 21 countries worldwide. One of their most powerful campaigns started in the first months of last year, using a series of trojanized Android applications to steal sensitive data from the victim's mobile device.

    The trojan injected into these applications is known in the threat landscape by the name Pallas. Threat actors use the "repackaging" technique to generate its samples: they start from a legitimate application and inject the malicious code before rebuilding the APK. The target applications belong to specific categories, such as social chat apps (WhatsApp, Telegram, Primo), secure chat apps (Signal, Threema), or software related to secure navigation (Orbot, Psiphon).

    The attackers used social engineering techniques to trick victims into installing the malware. Attackers use SMS, a Facebook message or a Facebook post, which invites the victim to download a new version of the popular app from a specific URL. All the trojanized apps are hosted at the same URL.

    This malware is able to collect a large amount of data and to send it to a C&C through an encrypted URL that is decrypted at runtime. The capabilities of the trojan are:

    • Read SMS
    • Send SMS
    • Record calls
    • Read call logs
    • Retrieve account and contacts information
    • Gather all stored media and send them to the C&C
    • Download and install other malicious software
    • Display a phishing window in order to try to steal credentials
    • Retrieve the list of all devices connected to the same network

    Further details are included in the complete report published by CSE.

    Source: http://securityaffairs.co/wordpress/...s-malware.html
    Last edited by VOLKOV; 13-02-2018 at 15:15.
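The repackaging step described in the post above (start from a legitimate app, inject code, rebuild the APK) forces the attacker to re-sign the APK with their own key, because the original developer's signature no longer matches the rebuilt contents. Comparing the SHA-256 fingerprint of the signing certificate against the legitimate developer's fingerprint is therefore the standard check for a repackaged app. The Python example below is added here and is not code from the post, from the CSE ZLab report, or from the Dark Caracal samples; every APK, certificate and fingerprint in it is a constructed stand-in, and the parser reads only the v1 (JAR) signature block under META-INF/.

```python
# Added example: flag a repackaged (re-signed) APK by fingerprinting its v1 signer certificate.
# Not code from the post or the ZLab report; all fixtures below are constructed stand-ins.
import hashlib
import io
import zipfile


def _tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value at buf[pos:]; return (tag, value_start, value_end)."""
    tag = buf[pos]
    i = pos + 1
    length = buf[i]
    i += 1
    if length & 0x80:                     # long form: the next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[i:i + n], "big")
        i += n
    return tag, i, i + length


def _next(buf: bytes, pos: int, expected: int, what: str):
    """Read the TLV at pos and require its tag; return (value_start, value_end)."""
    tag, start, end = _tlv(buf, pos)
    if tag != expected:
        raise ValueError(f"{what}: expected tag {expected:#x}, got {tag:#x}")
    return start, end


def first_cert_der(pkcs7: bytes) -> bytes:
    """DER of the first certificate in a PKCS#7 SignedData blob (the META-INF/*.RSA file).

    Walks ContentInfo { OID, [0] { SignedData { version, digestAlgorithms,
    encapContentInfo, [0] certificates { Certificate ... } ... } } }.
    """
    pos, _ = _next(pkcs7, 0, 0x30, "ContentInfo")
    _, pos = _next(pkcs7, pos, 0x06, "contentType OID")
    pos, _ = _next(pkcs7, pos, 0xA0, "[0] content")
    pos, _ = _next(pkcs7, pos, 0x30, "SignedData")
    for tag, what in ((0x02, "version"), (0x31, "digestAlgorithms"), (0x30, "encapContentInfo")):
        _, pos = _next(pkcs7, pos, tag, what)
    pos, _ = _next(pkcs7, pos, 0xA0, "certificates")       # [0] IMPLICIT SET OF Certificate
    _, end = _next(pkcs7, pos, 0x30, "Certificate")
    return pkcs7[pos:end]


def signer_fingerprints(apk_bytes: bytes) -> set:
    """SHA-256 fingerprints of every v1 signer certificate found in the APK."""
    fps = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                fps.add(hashlib.sha256(first_cert_der(apk.read(name))).hexdigest())
    return fps


def is_repackaged(apk_bytes: bytes, known_good: set) -> bool:
    """True when the APK carries no v1 signer or any signer outside the allowlist."""
    fps = signer_fingerprints(apk_bytes)
    return not fps or not fps <= known_good


# ---- constructed fixtures (stand-ins for a real APK and real X.509 certificates) ----
def _der(tag: int, payload: bytes) -> bytes:
    """Encode one DER TLV; used only to build the fixtures."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")   # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")          # 1.2.840.113549.1.7.1


def build_fake_pkcs7(cert_der: bytes) -> bytes:
    """Minimal SignedData shell around one certificate (constructed; no real signature inside)."""
    signed_data = (_der(0x02, b"\x01")                      # version
                   + _der(0x31, b"")                         # digestAlgorithms
                   + _der(0x30, _der(0x06, OID_DATA))        # encapContentInfo
                   + _der(0xA0, cert_der)                    # certificates
                   + _der(0x31, b""))                        # signerInfos
    return _der(0x30, _der(0x06, OID_SIGNED_DATA) + _der(0xA0, _der(0x30, signed_data)))


def build_fake_apk(cert_der: bytes) -> bytes:
    """Constructed stand-in for an APK: a zip carrying v1 signature files in META-INF/."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<stand-in manifest>")
        z.writestr("classes.dex", b"stand-in dex")
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", build_fake_pkcs7(cert_der))
    return buf.getvalue()


LEGIT_CERT = _der(0x30, _der(0x0C, b"stand-in: legitimate developer certificate"))
ATTACKER_CERT = _der(0x30, _der(0x0C, b"stand-in: attacker re-signing certificate"))
LEGIT_FINGERPRINT = hashlib.sha256(LEGIT_CERT).hexdigest()   # what an allowlist would hold

if __name__ == "__main__":
    for label, cert in (("original", LEGIT_CERT), ("repackaged", ATTACKER_CERT)):
        apk = build_fake_apk(cert)
        print(label, sorted(signer_fingerprints(apk)), "repackaged:", is_repackaged(apk, {LEGIT_FINGERPRINT}))
```

On a real APK, pass the file bytes to signer_fingerprints() and compare against the certificate fingerprint that `apksigner verify --print-certs` reports for the genuine app from the store. APKs signed only with signature scheme v2 or v3 keep the signer in the APK Signing Block rather than in META-INF/, which this minimal v1 parser does not read, so a missing v1 signer is reported as suspicious rather than as clean.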
