Smartphone Tracking Malware Hits India Hard
A Smartphone Tracking Malware Is Hitting Government Officials
Smartphone tracking malware has hit India and Pakistan in what digital security company Symantec is calling a state-sponsored attack.
According to Symantec’s recent intelligence report, sent out to those affected, the tracking malware attacks went back as far as October 2016. The report states that the malware was targeting Indian and Pakistani entities that are involved in regional security issues.
Symantec didn’t specifically mention the source of the attacks, but they did mention that they’d seen similar attacks and a similar method of operation in a campaign that was targeted towards Qatar.
A security expert at Symantec mentioned that, “There was a similar campaign that targeted Qatar using programs called Spynote and Revokery. They were backdoors just like Ehdoor, which is a targeted effort for South Asia.”
To get officials to install the malware on their devices, the attackers sent out documents that looked like breaking news titles from sources such as Reuters or Zee News. The titles would often relate to some military issues or regional security threats.
Once the document is downloaded, the attackers instantly gain access to the infected device. Symantec has mentioned that the download gave the attackers access to all personal data on a device. They could also track device location, monitor key presses to track conversations and password entry, and use SMS tracking techniques to capture private conversations.
Interestingly, the Ehdoor backdoor that was used to get malware installed on devices has been constantly adjusted over time to stop updates from patching up the backdoor.
FireEye, another security company, mentioned that the issue was of high sensitivity. It also didn’t surprise the FireEye crew that such attacks were happening often in the South Asian region.
“South Asia is a hotbed of geopolitical tensions, and wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity,” said Tim Wellsmore, FireEye’s director of threat intelligence for the Asia Pacific region.
Interestingly, this specific attack was considered to be aimed at military, government, and military-affiliated targets. In this case, it’s possible to believe that the attacks were carried out by, or on behalf of, another neighboring state.
If you’re in India and you’re worried about such malware attempts hitting your own devices, make sure to be careful about what files you download. Only download apps and software from trusted sources, and keep an eye out for phishing attempts or attempts to trick you into downloading seemingly harmless files.
If your device does get infected, you’ll be open to all sorts of privacy breaches. Attackers will be able to monitor your messages, your activity, and your location, and take your account passwords and log-in information.
If you feel like your device has been infected, back up your files, perform a factory reset on the device in question, and change all of your passwords and log-in details for all of your accounts immediately. If you use online banking, it may also be worth contacting your bank to let them know your details may have been breached. Your bank will help you to ensure no unauthorized transactions go ahead without your permission.