Syrian Activists Targeted with BlackShades Spy Software

The use of remote surveillance software against activists has been a feature of the ongoing conflict in Syria. In February 2012, CNN reported that “Computer spyware is the newest weapon in the Syrian conflict”. Since then, numerous electronic campaigns targeting Syrian activists have been observed. These have included: a phishing campaign involving the compromise of a high-profile Syrian opposition figure; malware targeting activists by claiming to be documents regarding the foundation of a Syrian revolution leadership council; and malware purporting to be a plan to assist the city of Aleppo.

The majority of these attacks have involved the use of Dark Comet RAT. Remote Administration Tools (RAT) provide the ability to remotely survey the electronic activities of a victim by keylogging, remote desktop viewing, webcam spying, audio-eavesdropping, data exfiltration, and more.

The use of Dark Comet in this conflict has been well documented. This RAT was the toolkit used in the malware reported on by CNN and also in the campaigns using fraudulent revolutionary documents.

In addition to Dark Comet, we have seen the use of Xtreme RAT, reported on by the Electronic Frontier Foundation (EFF) and F-Secure.

Today, the EFF and Citizen Lab report on the use of a new toolkit by a previously observed attacker. This actor has been circulating malware which surreptitiously installs BlackShades RAT on victims' machines. This RAT is a commercial tool which advertises the following:

“Blackshades Remote Controller also provides as an efficient way of turning your machine into a surveillance/spy-device or to spy on a specific system.”

It is being distributed via the compromised Skype accounts of Syrian activists in the form of a “.pif” file purporting to be an important new video.

Creative Commons License

All content on this website is free to copy, distribute, display and adapt, provided that it and any derivative works that may result continue to be made available equally freely, under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.