It’s being reported that a new campaign involving suspected Lebanese hackers has been uncovered, which involves cybercriminals creating fake Facebook profiles and using social engineering to lure potential victims into downloading an Android spyware. According to security researchers at Avast, who uncovered the new attacks, the hackers spread the spyware, dubbed Tempting Cedar, via fake Facebook profiles that engaged with potential victims. The targets were persuaded by the hackers operating the fake profiles to download the spyware, which was disguised as the Kik Messenger app. Andy Norton, Director of Threat Intelligence at Lastline commented below.
Andy Norton, Director of Threat Intelligence at Lastline:
“It is interesting that two UK companies were also used to create and host the malicious infrastructure and that mobile devices were specifically targeted. This indicates that this is an attack on the individual rather than an entity. Given the implied attribution and location of many victims, the GPS location information gathered by the attackers makes this potentially more sinister.
“Those unlucky enough to be infected may not be aware for some time, which is a particularly worrying outcome as spyware can be used to steal personal information and credentials which can in turn be used for social engineering tactics, causing further damage. Facebook should take every step necessary to protect its users, and to block the fraudulent accounts from interacting with the genuine user base. In addition, users really should be aware of who they accept friend requests from. If you do not know the person sending the request or have any mutual friends with them, proceed with caution before accepting their friend request – no matter how attractive you might think they are.”