A warning has been issued over a new espionage security bug that is reportedly targeting lawyers, journalists, and activists in more than 20 countries around the world.
The “Dark Caracal” malware, uncovered by the Electronic Frontier Foundation (EFF) and mobile security firm Lookout, is said to have already stolen hundreds of gigabytes of data, primarily through mobile devices compromised by fake secure messaging clients.
“Trojanised” apps, including Signal and WhatsApp, allow attackers to take photos, retrieve location information, capture audio, and more. EFF staff technologist Cooper Quintin said the attack doesn’t require a sophisticated or expensive exploit.
“Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” he added.
Stolen data ranges from call records and audio recordings to documents and photos.
“This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life,” said EFF director of cybersecurity Eva Galperin.
Both groups believe Dark Caracal has been operating since at least 2012 – but it has been hard to track partly because of seemingly unrelated espionage campaigns originating from the same domain names. They said Dark Caracal’s work has also been repeatedly misattributed to other cybercrime groups over the years.
Related stories:
Marsh looks at potential Hurricane Katrina-scale losses from cloud breach
World to embark on “critical period of intensified risk”