New Malware Attack Targets Syrian Dissidents
A fake security tool called AntiHacker turns out to be spyware.
The Electronic Frontier Foundation (EFF) is warning of a new malware campaign targeting Syrian activists, journalists and opposition members.
"The latest malware campaign plays into users' concerns about protecting their security by offering a fake security tool called AntiHacker, which promises to provide 'Auto-Protect & Auto-Detect & Security & Quick scan and analysing' [sic] ... While it proports to provide security against hackers, AntiHacker instead installs a remote access tool called DarkComet RAT, which allows an attacker to capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, steal passwords, and more," write the EFF's Eva Galperin and Morgan Marquis-Boire.
"According to the watchdog, AntiHacker employs a number of methods to lure members of the opposition to install the program, including social media channels like Facebook," writes ZDNet's Charlie Osborne. "However, at the time of writing, the tool's Facebook group was unavailable. "
"This is not the first time that Syrian activists have come under cyberthreat," notes CNET News' Dara Kerr. "In May, a Trojan targeted dissidents in both Syria and Iran tracking users that attempted to evade government censorship. This Trojan carried a payload of malware that captured usernames, IP addresses, and hostnames of users; it also recorded any keystrokes entered. The version of DarkComet that AntiHacker is running is not yet detectable by any antivirus software, according to EFF. However, users can use the DarkComet RAT removal tool to determine whether their computers are infected and then remove the malware."