Researchers at the University of Toronto’s Citizen Lab report that new targeted attacks on Syrian activists install the BlackShades Trojan onto victims’ machines.
“The spyware has been embedded into what looks like just one of many .pif video files being circulated by Syrian activists on Skype to help document attacks and human rights abuses by Syrian government and pro-government forces … North American-based forensic experts dissected the Trojan spyware embedded in the video file circulating on Skype, which ends with the extension ‘new_new.pif,'” writes the Committee to Protect Journalists’ Frank Smyth.
“Once installed, the tool drops malicious programs that can remotely log keystrokes and take screenshots, according to the Electronic Frontier Foundation, a nonprofit digital advocacy group that coordinated with The Citizen Lab on the discovery,” writes SC Magazine’s Dan Kaplan.
“The use of remote surveillance software against activists has been going on amidst the conflict in Syria since February, if not earlier,” notes The Register’s John Leyden. “Previous attacks have involved a phishing campaign targeting the YouTube or Twitter credentials of high profile Syrian opposition figure and malware tainted files posing as documents regarding the foundation of a Syrian revolution leadership council. Another attack punted infected documents supposedly detailing a plan to assist the city of Aleppo.”