Facebook said Wednesday that it had removed malware that was being distributed on its platform by two state-backed hacking groups operating out of Palestine.
Facebook has successfully eliminated the malware from its platform, and no more people are at risk of becoming victims of cyber theft, at least through Palestinian-originated malware.
Arid Viper, identified by the social media giant as connected to the Hamas cyber arm, is alleged to be part of a threat actor network linked with the Preventive Security Service, the security apparatus of the State of Palestine.
It was secretly spreading the virus before Facebook spotted the danger and got rid of it.
It appears that both groups have used the platform to launch a variety of social engineering attacks in an attempt to convince users to click on malicious links and install malware on their devices.
As a result, Facebook removed the adversaries’ accounts, barred domains connected to their activity, and alerted the users it suspected these groups were singling out.
Apps that look benign can be infected with spying software
Furthermore, the group deployed another Android malware called SpyNote, which came with remote access capabilities and enabled phone monitoring on compromised phones.
They created fictitious personas by posing as young women and members of Hamas, Fatah, military groups, journalists, and activists.
Using fake and compromised accounts, they would build relationships with targets and then steer them to malicious sites.
A Sophisticated Malicious Campaign
In contrast, Facebook noted that Arid Viper is using “Phenakite,” a new custom iOS surveillanceware that can steal sensitive information from iPhones without jailbreaking the devices.
This surveillanceware was distributed to users as a fully functional chat application called MagicSmile, hosted on a third-party Chinese app development website.
It slowly operates in the background, stealing data without the user’s knowledge.