Israeli soldiers were tricked into installing malware-infected apps on their phones by members of the Palestinian militant group Hamas, who posed as young teenage girls.
According to a spokesperson for the Israeli Defence Force (IDF), some soldiers fell for the scam. The IDF detected the infections, tracked down the malware, and then took down Hamas' hacking infrastructure.
Hamas operatives created Facebook, Instagram and Telegram accounts and then approached IDF soldiers.
IDF spokesperson Brigadier General Hild Silberman said that the Hamas agents posed as new Israeli immigrants to explain their poor Hebrew.
IDF investigators said they tracked six accounts named Sarah Orlova, Maria Jacobova, Eden Ben Ezra, Noa Danon, Yael Azoulay, and Rebecca Aboxis, that were used in the social engineering campaign.
Soldiers who engaged in the chats were eventually lured into installing one of three chat apps, named Catch & See, Grixy and Zatu, where the agents promised to share more photos.
Gen. Silberman stated that the apps gave the impression that they could not run on the soldier's phone by showing a crash message. Each app then deleted its icon from the soldier's smartphone, tricking the user into thinking the app had uninstalled itself.
In reality the app kept running in the background. It then exfiltrated photos, SMS messages, contacts and other data from the victim's phone. The apps were also able to install other malware on the device, track the phone's location in real time, and even capture images through the phone's camera.
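One defensive check that follows from the behaviour described above is to look for installed apps that have no launcher icon yet hold the permissions needed to read photos, SMS, contacts, location or the camera. The following Android helper is an added example, not code from the article or from the IDF or Check Point; it assumes it runs inside an app with a valid `Context` and that package names and permission lists are illustrative.

```java
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Triage helper (added example): flags user-installed apps that answer no launcher
 *  intent (no home-screen icon) but still hold data-access permissions, matching the
 *  "hide the icon, keep running" trick described above. Permission list is an assumption. */
public final class HiddenAppTriage {
    // Permissions that map to what the article says the malware stole or used.
    private static final List<String> SENSITIVE = Arrays.asList(
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.READ_SMS",
        "android.permission.READ_CONTACTS",
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.CAMERA");

    /** Returns "packageName [granted sensitive permissions]" for each suspect. */
    public static List<String> findSuspects(Context ctx)
            throws PackageManager.NameNotFoundException {
        PackageManager pm = ctx.getPackageManager();
        List<String> suspects = new ArrayList<>();
        for (ApplicationInfo app : pm.getInstalledApplications(0)) {
            // Skip preinstalled system apps; the campaign relied on apps the user installed.
            if ((app.flags & ApplicationInfo.FLAG_SYSTEM) != 0) continue;
            // null means no enabled activity answers the launcher intent: no icon is shown.
            if (pm.getLaunchIntentForPackage(app.packageName) != null) continue;
            PackageInfo info = pm.getPackageInfo(app.packageName, PackageManager.GET_PERMISSIONS);
            if (info.requestedPermissions == null) continue;
            List<String> granted = new ArrayList<>();
            for (int i = 0; i < info.requestedPermissions.length; i++) {
                boolean isGranted = (info.requestedPermissionsFlags[i]
                        & PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0;
                if (isGranted && SENSITIVE.contains(info.requestedPermissions[i])) {
                    granted.add(info.requestedPermissions[i]);
                }
            }
            if (!granted.isEmpty()) suspects.add(app.packageName + " " + granted);
        }
        return suspects;
    }
}
```

On Android 11 and later the calling app must declare the `QUERY_ALL_PACKAGES` permission (or explicit `<queries>` entries) to see other packages at all, so an empty result on a modern device may simply mean the check lacks visibility.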
Israeli cyber-security firm Check Point linked the malware strains to a group it has been tracking under the codename APT-C-23, active since the summer of 2018.
Hamas agents had tried the same technique in January 2017; this is the second time they have run a social-media catfishing campaign to trick IDF soldiers into installing malware on their devices.
Allowing soldiers to use personal devices while deployed in the field is generally considered an operational security failure.