EXECUTIVE SUMMARY:

Two attacks surfaced this week in the Middle East. In both cases the motivation was espionage, but the targets were quite different.

Capitalizing on World Cup buzz, Hamas cyberattackers were able to infect the mobile devices of approximately 100 Israeli soldiers with malicious apps downloaded from the official Google Play store.

The app, “Golden Cup” (since removed from the Play Store), appeared to be a simple score tracker. However, Reuters reports, it also was designed to record the user’s phone calls and take a picture when the user receives a call. It was able steal contacts, SMS messages, and all images and videos stored on the mobile device, plus information on where they were taken. Additionally, it captured the GPS location and took random recordings of the victim’s surroundings. Two fake dating apps were also used to carry out the same attack.

This incident serves as a reminder of how uncomplicated a cyberattack can be. All the cybercriminals had to do was pose as a legitimate app, and take advantage of buzz-worthy events that were sure to attract their victims.

Elsewhere in the region, cybersecurity researchers have identified a cyber-espionage group that has been targeting Palestinian law enforcement. The attack appears to be a resurgence of an advanced persistent threat (APT) surveillance attack from last year.

The backdoor campaign infects a victim, gathering a fingerprint of their workstation along with collecting the names of documents, which get sent to the attacker’s server. The researchers believe the list is used to identify sensitive files it could potentially steal. If the host is a suitable target, the virus is able to self-download extensions (second-stage modules) to continue the attack in a tailored manner.

Get the full story here.