“Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life,” said Eva Galperin, Director of Cybersecurity at the EFF (Electronic Frontier Foundation). The comment concerned a report produced together with mobile security company Lookout on Dark Caracal, a threat that mimics and replaces trustworthy apps with fake ones full of malware.
The topic is nothing new: reports of how the internet is cluttered with security and privacy menaces have become regular reading. Dark Caracal is only one of the many techniques in a hacker’s repertoire, and yet more proof that mobile spying has been on the rise since smartphones and tablets came into widespread use.
Fake Lookalike Apps and Government Spying
Creating a fake app as a perfect photocopy of another is one of the most common methods used by wrongdoers to fool unsuspecting users into installing what they think is a secure service. Messaging apps are some of the most popular targets – Telegram, WhatsApp and Signal, for instance – and to make everything even harder to figure out, these trojan apps often work like their real twins, too. However, the entity behind these apps is never the company that developed the original, but instead hackers who can then deploy all sorts of malware to have the app copy the user’s photos, capture audio, retrieve their real physical location, and more.
This is the essence behind Dark Caracal. But what’s more worrying is the fact that EFF and Lookout were able to trace its origins back to the headquarters of Lebanon’s General Directorate of General Security, which is yet another example of how the cyber warfare happening all around us allows “new nation states — previously without significant offensive capabilities — to build and deploy widespread multi-platform cyber espionage campaigns”.
The 50+ page report specifies over 90 indicators of compromise, across different malware for Android devices and Windows, Mac and Linux desktops. In turn, this resulted in the disclosure of a lot of sensitive data – including content from secure messaging clients, text messages, documents and much more – that belongs to “military personnel, enterprises, medical professionals, activists, journalists, lawyers, and educational institutions” of more than 20 countries in North America, Europe, the Middle East, and Asia.
But it’s not just nations spying on others that is worrying. Hackers acting alone also have an interest in the private data of anonymous users – usually to sell it on online black markets – and fake software, including browser extensions, plays an important role here, too. In 2017 a single fake VPN app for iOS was downloaded enough times to make $80,000 in revenue for the perpetrators. And even before this it was discovered that dozens of the most popular apps in Apple’s App Store were vulnerable to Wi-Fi snooping. This is only looking at iOS, too, which is usually regarded as a safer mobile operating system. Google is making efforts to fight these toxic apps as well, as was proved by the massive cleanup of the Play Store in March 2017.
It’s All In Your Hands
When it comes to mobile apps, they’re either trustworthy or they’re not, but part of the problem is also people’s carelessness. It is true that many people are not privacy enthusiasts and have no interest in becoming so, which – however recommended it may be – is fine. Because of this they might blindly grant every permission to the apps they install, which makes them all the easier to fool. But, in some cases, it’s not necessary to be an expert to figure out if an app is reliable or not. Why does a calculator app, for instance, need access to your camera, microphone or text message records? When permissions don’t make sense, it’s likely to be a fake app full of malware.
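The permission check described above can be automated before an app is ever installed. The following Python code is an added example, not part of the original article: it reads the text produced by `aapt dump permissions` for an APK (the sample dump is constructed here) and lists sensitive permissions that the app's stated purpose does not explain. The `SENSITIVE` grouping and the `expected` set are assumptions chosen for illustration.

```python
import re

# Android permissions guarding the kinds of data the article mentions.
# The capability labels are this example's own (assumed) grouping.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_SMS": "text messages",
    "android.permission.RECEIVE_SMS": "text messages",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "photos and files",
}

# Matches both aapt output styles:
#   uses-permission: name='android.permission.CAMERA'
#   uses-permission: android.permission.CAMERA
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the set of permission names declared in an aapt permissions dump."""
    perms = set()
    for line in dump.splitlines():
        m = PERM_RE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def unexplained_permissions(dump, expected):
    """List (permission, capability) pairs that are sensitive but not in `expected`."""
    return sorted(
        (p, SENSITIVE[p])
        for p in parse_permissions(dump)
        if p in SENSITIVE and SENSITIVE[p] not in expected
    )

# Constructed sample: permission dump of a hypothetical calculator app.
SAMPLE_DUMP = """\
package: com.example.calculator
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: android.permission.READ_SMS
"""

if __name__ == "__main__":
    # A calculator needs none of the sensitive capabilities.
    for perm, capability in unexplained_permissions(SAMPLE_DUMP, expected=set()):
        print(f"unexplained: {perm} ({capability})")
```

For a lookalike of a known app, pass the capabilities the genuine app is known to use as `expected`; anything left over is what the copy asks for beyond its twin.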
Having said that, being up-to-speed with the latest news about cyber crime and paying careful attention to apps’ permissions is vital these days. Additionally, a VPN should be used to encrypt your data and remain invisible not only to hackers but to your ISP as well. In this case, it’s important to look for trustworthy providers, like the ones featured here on Best Reviews.