Lonely Jihadists Tricked Into Downloading Malware

A report published by FireEye tells a tale of romance, deceit and malware in which lonely jihadists were tricked into giving up more than seven gigabytes of sensitive data. The exact identity of the group behind the operation is not known; however, there is some information that suggests they are operating out of Lebanon.

Compromising a single jihadist was a great payoff because of the lack of technology available to the jihadists. Many jihadists used the same machine, which allowed for multiple account compromises. The group's ability to target mobile devices allowed real-time battlefield communications to be monitored.

FireEye was able to assess that the DarkComet RAT was used to compromise the jihadists' systems. DarkComet is a well-known RAT, or Remote Administration Tool. What is unique about this attack is that the group used a multi-stage payload dropper, and that it is the first documented instance of Android malware being used against the Syrian opposition.

Download the report from FireEye at: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-behind-the-syria-conflict.pdf

or from the Protocol46 archive at: FireEye Threat Intel: Behind The Syrian Conflict’s Digital Front Lines

Post by Protocol 46