Dark Caracal: Government malware turns the smartphones into spy cams
Did you ever think of using smartphones as a spy cam to spy on someone else?
Lebanon government-backed intelligence agency has been doing precisely that since 2012. Yes, 2012.
A global spy agency based in Lebanon revealed itself a large scale state hacking, without knowing, thanks to one of the exposed server of suspected operation on the open internet.
Security researchers combinedly from cell phone security firm Lookout and the digital rights group EFF (Electronic Frontier Foundation) spotted the exposed server.
Researchers then found that the spying agency pulled out stolen data from the infected windows machines and Android devices; in hundreds of gigabytes.
Since 2012, Dark Caracal – the secret operation – has successfully spied on thousands of people from 21 countries worldwide including the United States.
You could end up taking your most dangerous selfie with this mass spying operation, unknowingly.
Most of the victims were activists, military personnel, lawyers, defense contractors, financial institutions, and journalists.
Reporting the findings on Thursday (18th January 2018), the researchers stated it is one of the biggest spying operation focused on mobile devices.
The cyber attacks seized control of the Android phones that allowed hackers to turn them into the victim monitoring devices, and ultimately, steal any data undetected.
No evidence found of hacking Apple users, yet again, hinting towards the popularity of Android within the Middle East.
The researchers claim that the state backs hackers.
Since they traced activities to a building that belongs to one of Lebanon’s security agencies in Beirut.
More precisely, suspected Lebanon’s intelligence agency building behind the hackers is – General Directorate of the General Security building.
Subsequently, attackers managed to get full control of the unwitting users’ devices using phishing attacks to trick them into downloading the fake versions of trusted encrypted messaging apps.
Facebook, Viber, Signal, and Whatsapp are those encrypted messaging platforms of which the hackers created fake login pages to lure victims.
In addition to the Android, the spying operation also has been using the Windows malware too.
The Windows version of the agency’s malicious program can take screenshots from the victim’s computers, steal sensitive business documents, and extract log files from the Skype.
Subsequently, no previously known Windows or Android vulnerability got exploited in this Malware.
How researchers managed to catch the spying agency?
Lead security researcher of the group, Michael Flossman, revealed to Reuters that Lookout and EFF were able to connect back to GDGS because of the failure of suspected cyber spying agency.
The group failed to secure their very own control servers and command, which created an opportunity for researchers to get to know what they are doing.
In a telephonic interview given to Reuters, Flossman said
“Looking at the servers, who had registered it when, in conjunction with being able to identify the stolen content of victims: That gave us a pretty good indication of how long they had been operating.”
Here is a turn in the tale!
Director general of the GDGS, Major General Abbas Ibrahim, said he wished to see the report before he commits on the contents of it.
He further added Lebanon general security doesn’t have such capabilities of spying.
Ibrahim moreover gestured, they wish they could have the capabilities discussed in the report.
So we perhaps can say here that GDGS might not be involved directly here; though, it could be the work of a rogue employee working in it.
What data the hackers exactly captured from infected devices?
Lookout/EFF team stated they uncovered the spy tools and a ton of data stolen from thousands of victim’s phone.
The data includes contacts, text messages, documents, encrypted conversations, photos, and audio.
Mainly the targets were located in the surrounding regions including Saudia Arabia and Syria, and Lebanon itself.
One shocking thing here is, the operation didn’t target people from Israel or Iran.
Why so shocking?
The reason is, those are the two top targets of governmental cyber-spy attacks.
The report suggests that victims also live in some European countries too. Those include China, Russia, United States, South Korea and Vietnam.
How is Dark Caracal (the malware in question) built?
An interesting fact is, the hackers built their malicious software by borrowing code from developer sites (Facebook, Whatsapp, and Signal).
They relied heavily on the social engineering for ticking people into clicking links that sent victims to a website called SecureAndroid – which in fact, is a fake Android application store.
There, users got fooled to download the fake (but entirely functioning) versions of the privacy tools and encrypted messaging apps including Viber, Signal, and WhatsApp, that the lead researcher (Flossman) told promised targets secure experience “even better than their respective originals.”
Once installed, the malware can take photos (either with front or the back camera), silently activate mobile phone’s microphone to record nearby conservations – all remotely.
Google Knows and is working on it
In late 2017, upon notification by researchers to Google, search giant worked with the researchers as an effort for finding apps concerning this attack.
A spokesperson from Google said that not a single app out of all was present on official Google play for the Android users.
The spokesman further added, firm’s unified security system, Google Play Protect that runs on numerous Android devices, have been in continuous update operation in an attempt for protecting users from such malicious applications.
The company is working on removing them from all affected devices, too.
To return to the subject, Lookout found some links between Lebanon-linked cyberattacks and the ones tied to Kazakh government in Central Asia. Report on that was published back in 2016 named as “Operation Manual” published by the Electronic Frontier Foundation alongside other experts.
Now, both of the research groups (Lookout and EFF) agreed to team up for further investigation. The groups have found that Kazakh group was more likely a client of these Lebanon-based hackers.
What can I do to protect myself the easy way?
If you want to keep yourself protected from any Android-based malware, remember one rule of thumb; always download applications only from official Google Play Store.
Do not download an app from a third-party website, ever.
19 Comments
Who says hackers are not real? I read several comments on YouTube and on Quora when they recommended a hacker. I mailed him when I suspected my wife was cheating and you wouldn’t believe this hacker helped me hack into her phone without any glitch. He did it remotely and swiftly without my wife knowing, i discovered my wife wasn’t actually cheating, i’m glad I contacted Hacklord first instead of confronting my wife.Here is his Gmail Stephenlogicalhacklord@gmail.Com contact him on or on whatsapp +19094479732 and You can text or call him on +19094479732 for anyone that may require his help
This is my advice to anyone who wants to hack a phone, do not pay for spy apps if you don’t have access to the phone. I wish I knew this sooner, I would not have spent so much on different spy apps. It took sometime before I finally found a way to hack my husband’s phone without having access to it. I mentioned my fears and insecurities to a friend and she recommended kelvinethicalhacker at gmail.com to me, This hacker provided a service that allows me to monitor his calls and conversations. I haven’t decided on what to do yet. I don’t think I can continue in this marriage. He is cheating on me.contact him here for help, via, kelvinethicalhacker@gmail.com,
Kelvin helped me hack into my wife phone under 2 hours with out having physical assess to her phone kelvinethicalhacker @gmailcom hacked into my wife text messages,deleted text messages,call logs,viber messages,whats-app messages,Facebook messages and many more this hacker is true and reliable his services are cheap and affordable you all can also contact him for help tell him i refereed you am sure he will help you
I dont like to meddle into people’s relationship but at thesame time its not appropriate the way men cheat this days and even maltreated their wives whenever confronted,it really baffle me.l was in this situation some month ago l have to search some forum then l came accross this hacker via his mail: samsmithcyberhost@gmail,com this guy really unveil somethings l can’t imagine happening in my relationship.l think it’s high time we ladies have to hire someone like sam in other to get the truth about your spouse it really help. contact him via
Email: Samsmithcyberhost@gmail.com
Text or Whatsapp on: +1 (747)345-9036..
tjoui
Some weeks ago i started having suspicious feelings about my wife to be that she has things hiding for me Since then i had been looking out for phone spy app or hackers that could help me get into her phone so i came on here, saw all sort of recommended contacts but one really caught my attention.
So i text his contact the feedback was really shocking and that confirmed my suspicions This team is reliable and quick to deliver no time wasted, here is their contact
(williamscyberghost@gmail.com)
WhatsApp, CALL OR TEXT: (+1 (602) 456-1862)
My relationship was in mess a weeks back i keep on complaining and was steady worried if my spouse was cheating on me. till my sister referred me to this ethical hacker which had helped a friend of her spy on her cheating finance phone. Kelvin grant me access to every information’s on my husband phone including deleted once and also photo I have access to read all his (social media text) WhatsApp, Facebook, Skype, Instagram and Snapchat messages Including the deleted text and unready messages. Although i finally found out he was not cheating. if you have same issues like me contact ethical hacker through Gmail via kelvinethicalhacker@gmail.com. for help to help you find out the statue of your relationship…
Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on, Kelvinethicalhacker@gmail.com.
Infidelity is one act that is not required in marriages not relationships, I had a taste of how it hurts badly to be cheated on, My spouse whom I had love my whole life decided to cheat on me, I figured this out when I noticed the strange and awkward attitudes that was shown to me, I was worried why he grinned so much at his phone screen, not that I’m insecure, but because, it was a strange occurrence in the relationship, we had talks over it but nothing was changed, then I decided to take a step forward by consulting an expert who will get into his phone, I was lucky to have read your comment about infotheprohackres@ gmail com, who helped me gain access into my spouse’s phone. You also, can make use of his service by sending him an email via his information below.
Email: infotheprohackers@gmail.com
Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on, dehacker197@gmail.com.
This is my advise to anyone who wants to hack a phone, do not pay for spy apps if you don’t have access to the phone. I wish I knew this sooner, I would not have spent so much on different spy apps. It took sometime before I finally found a way to hack my husband’s phone without having access to it. I mentioned my fears and insecurities to a friend and she recommended these tech team, kelvinethicalhacker@gmail.com. These tech guys provided a service that allows me monitor his calls and conversations. I haven’t decided on what to do yet. I don’t think I can continue in this marriage. He is cheating on me. Hg
I won’t stop recommending binacouragecyberhost@gmail.com for the great work literally I had noticed that my husband had been cheating on me but I never for once thought it could be with my best friend cause we talked everyday and always together whenever I’m not at work and I told her many things about my family not knowing my husband and her takes advantage of my absence whenever I leave for work I tried using different tracking apps but didn’t get what I wanted. But with the help of this hacker i gain access into my husband’s phone
If you want to know how to catch a cheating spouse – you’re in luck because the options are endless. There are many different ways to go about catching a cheating partner, such as hiring a private investigator, going through their social media accounts, or planting a recording device or a GPS tracker.
However, instead of wasting money on buying an expensive recording device or GPS tracker, you can simply go through your partner’s phone with the help of infotheprohackers @ gmail.com He can grant you access to your spouse phone record track their location, and analyze social media accounts all at once. You can conveniently access all the data from a single place – a web-based dashboard.
So if you want to end your cheating husband’s infidelity, you can choose infotheprohackers at gmail.com to find all the evidence needed to catch a cheater.
Do you suspect your spouse of cheating, are you being overly paranoid or seeing signs of infidelity…Then he sure is cheating: I was in that exact same position when I met Henry through my best friend James who helped me hack into my boyfriend’s phone, it was like a miracle when he helped me clone my boyfriend’s phone and I got first-hand information from his phone. Now I get all his incoming and outgoing text messages, emails, call logs, web browsing history, photos and videos, instant messengers(facebook, whatsapp, bbm, IG etc) , GPS locations, phone taps to get live transmissions on all phone conversations. if you need help contact his gmail on, kelvinethicalhacker @ gmail com.
I was just feeling insecure when my finance would just be on his phone at odd hours, my instinct tells me something it’s not right and i needed to access his phone until i decided to take a chance to know, knowing is batter then self doubts. until i come across this hacker kelvinethicalhacker@gmail.com, his direct contact is +1(341)-465-4599. he built spyapp with only the target number and he charged little fee so i can check and track all new and deleted messages on his phone the spyapp also have access to all his social media platform and icloud information will be….
I just broke with a guy I was in love with, but also by, as I once believed, a true friend. I was in a really bad place emotionally because I had the suspicion my partner was cheating but I couldn’t confirm it. I reached out to a close friend and she introduced me to him. He explained how he would grant me access to my partners’ phone without him being aware, of course I was skeptical at first but I had to erase the doubts so I went through with the process and he delivered giving me access to old texts and incoming texts on Whatsapp, Facebook, message he also got me into his Instagram account and I was able to confirm my suspicion and leave that toxic relationship contact Fred hacker. I made the right call doing this because of the relief I felt after you may also need this service if you find yourself with an untrustworthy partner, Contact him on fredvalcyberghost@gmail.com and call/text him on +14236411452 AND WHATSAPP HIM ON +19782951763
You’ve probably wondered before, “If my husband cheated on me, How would I know? That’s a question I kept asking myself. Well, statistically, a lot of women do most infact, including me.
I’d been married for 2 years battling with lies & cover ups my husband dish out. I’d had my doubts about the amount of time my husband was spending with his female assistant. But with a big project at their office, it made sense—or so I told myself. I was too ashamed to even mention it to my colleagues at work cos I had no concrete evidence but this faithful day I was really sad & needed to talk to someone, had a talk with my neighbor’s daughter, she told me about her friend & how he is an expert. I contacted him and he was able to clone my husbands phone the same day without having physical access with it, I got full access to his messages, call logs & chats. That was how I got all the proof I needed to confront him. Glad I contacted him. You can reach him on binacouragecyberhost@gmail.com
If u needed a concrete cheating evidences on your unfaithful partner the best
hand that got you cover is Donald Jackson he is a professional in hacking….
When I noticed some strange changes about my ex wife and I contacted STD from
her I learnt she has been cheating on me and I search for app that I can be used
to clone her phone conversations and passwords but all not to avail ,then I come
in contact with Donald through a blog comments after connecting with him ,he
asked for the info and clone her Facebook, WhatsApp and all her phone conversations
and messages within 24hours and he did a very professional job without any traces,
so if you are in need of a legit hacker for DELETING OF BLEMISHES FROM CREDIT REPORT,
CREDIT SCORE INCREASE, PHONE CLONING, PHONE TAP, SPY HACK YOUR CHEATING SPOUSE TO FIND OUT
WHAT THEY BEEN UP TO, MORTGAGE LOAN LENDERS AND APPROVALS, EMAIL HACKS, WHATSAPP, MESSENGER
AND OTHER SOCIAL MEDIA APP, DELETING OF CRIMINAL RECORD AND EVICTION HISTORY contact him via his
mail – donarldjacksoncyberhost@gmail.com
i promise to write review about his work
I almost ruined my marriage with a man I love so much because I noticed that he was hanging out with friends alot and he comes back home very late at night. I got so jealous because I knew the kind of friends he has, and I began to think that they would have influenced him into flirting with other girls. So i told a friend of mine about what i was facing in my marriage then she told me she has a friend whose husband is an ethical hacker and he has been tested and trusted by some of her friends having similar problems with me… so i made contact with him and told him my problems. To my surprise, he helped me hack into my husbands facebook account, whatsapp, phone calls, text messages and even deleted text messages within 8HOURS then i found out that i was wrong about my husband being influenced by his friends and i also found out that he is planning something big and lovely for our marriage…..contact him on fredvalcyberghost@gmail.com and you can also text, call him on +14236411452. He is faster, so reliable and also tested and trusted. to know the truth. He is good at anything that relates to hacking. Tell him i referred you to him
I never knew a post could be of such help to anyone until I saw a post about a professional hacker called Stephenlogicalhacklord , which is why I’m posting this with the hope that I might help someone through this. Well i contacted him through his email stephenlogicalhacklord@gmail.com in good faith that he was going to help me out by hacking into my husband’s phone and email and he didn’t even disappoint me for a second, rather he provided me with full access to both his email and phone allowing me to see everything for myself, how a cheat of an husband the man i loved was. I would forever be indebted to him and I really appreciate him for a job well done. I already made him my personal hacker and I advise that you do the same. Text, Calls & Whatsapp +1(614) 385-2156