Pro-Syrian Government Hackers Target Activists With Fake Anti-Hacking Tool

As the violence escalates across Syria, so do the campaigns of targeted malware attacks against Syrian activists, journalists, and members of the opposition, which covertly install surveillance software on their computers. Syrians are growing more aware of the danger these campaigns pose to their security and the security of their friends and loved ones. On Facebook, the Union of Free Students in Syria group has started an album of students holding up signs warning against phishing attacks and malware, with messages that such as, "Assad supporters are sending dangerous files with hacked accounts. Check with your friends before opening an attachment."

The latest malware campaign plays into users' concerns about protecting their security by offering a fake security tool called AntiHacker, which promises to provide "Auto-Protect & Auto-Detect & Security & Quick scan and analysing."[sic] EFF's analysis indicates that this campaign is the work of the same actors behind several malware campaigns that lured their targets in using fake revolutionary documents and a fake Skype encryption tool--campaigns that date back to at least November 2011.

While it proports to provide security against hackers, AntiHacker instead installs a remote access tool called DarkComet RAT, which allows an attacker to capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, steal passwords, and more. Over a dozen of the attacks EFF has analyzed have installed versions DarkComet. It's increasingly close association with pro-Syrian-government malware, combined with the Human Rights Watch report on the Assad regime's network of torture centers, may have motivated the project's sole developer to shut it down, declaring his intention to work on an alternative tool that more closely resembles VNC and requires administrative access to install.


Read more

15.08.2012
https://www.eff.org/deeplinks/2012/08/syrian-malware-post​