- A Hamas-linked hacker group called Arid Viper has been accused of orchestrating at least 5 attacks across Egypt and Palestine.
- The revelation was made by a research group called ESET, which also put together a detailed analysis of the group's attack technique.
- The bad news is that at least 3 of the 5 campaigns run by the hacker group are still active.
A Hamas-linked hacker group has been accused of orchestrating cyber attacks across Palestine and Egypt.
The group is called Arid Viper and has been active since 2013, targeting their victims through an Android spyware called AridSpy.
This is the first time researchers have been able to pin down the group and put together a detailed analysis of its malware.
The attacks were first discovered by ESET, a cybersecurity company based in Slovakia. It found that the group was attacking through Trojanized Android apps, mostly messaging apps. Five such attacks targeting Palestine and Egypt have already been discovered.
How Does the Malware Work?
Here’s how the malware works:
Step 1: Malicious Apps
The compromised apps are mostly distributed through websites that impersonate real apps.
- For example, for its victims in Palestine, the hacker group impersonated the Palestinian Civil Registry app.
- On the other hand, in Egypt, the malicious app was impersonating another legitimate app called LapizaChat. Some fake job postings were hiding the malicious links.
Step 2: Download Path
Once the victim clicks on the download link, myScript.js, hosted on the same server, is executed. It creates the correct download path for the malicious file. This is where the first stage ends.
Step 3: Data Exfiltration
Now in the second stage, data exfiltration begins. Analysts at ESET found that these hackers were able to extract all sorts of information such as device location, messages, clipboard data, video recordings, and more.
In some cases, the criminals were also able to take pictures and record audio on the victim's device.
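The delivery chain described in Steps 1 and 2 (a look-alike website that serves a small JavaScript file, myScript.js, from the same server that then hands out the APK) leaves a recognisable pattern in web proxy logs. The script below is an added illustration, not code from the article or from ESET: it parses a handful of constructed proxy log lines and flags any client that fetched JavaScript and then an Android package from the same host when that host is not on an allow-list of app-store domains. The hostnames, IP addresses, log format and allow-list are all assumptions made for the example; the page gives no real indicators.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log lines for the example. The hosts use the
# reserved ".invalid" TLD on purpose; they are not real indicators.
SAMPLE_LOG = """\
2024-06-10T09:12:01Z 10.0.0.7 GET https://civil-registry-example.invalid/ 200 text/html
2024-06-10T09:12:04Z 10.0.0.7 GET https://civil-registry-example.invalid/myScript.js 200 application/javascript
2024-06-10T09:12:06Z 10.0.0.7 GET https://civil-registry-example.invalid/files/registry.apk 200 application/vnd.android.package-archive
2024-06-10T09:15:30Z 10.0.0.9 GET https://play.google.com/store/apps/details?id=com.example 200 text/html
2024-06-10T09:15:33Z 10.0.0.9 GET https://play.googleapis.com/download/app.apk 200 application/vnd.android.package-archive
2024-06-10T09:20:00Z 10.0.0.11 GET https://cdn-example.invalid/myScript.js 200 application/javascript
"""

# Assumed log layout: timestamp, client IP, method, URL, HTTP status, content type.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<ctype>\S+)$"
)

# Assumption: hosts from which APK downloads are expected and not flagged.
TRUSTED_APK_HOSTS = {"play.google.com", "play.googleapis.com"}

APK_CTYPE = "application/vnd.android.package-archive"


def parse_log(text):
    """Turn raw log lines into dicts, adding the URL's host and path."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the assumed layout
        event = match.groupdict()
        parts = urlsplit(event["url"])
        event["host"] = parts.hostname
        event["path"] = parts.path
        events.append(event)
    return events


def find_sideload_chains(events, trusted_hosts=TRUSTED_APK_HOSTS):
    """Flag clients that received JavaScript and then an APK from the same
    non-allow-listed host, the ordering seen in the delivery chain above."""
    js_hosts_by_client = defaultdict(set)  # client -> hosts that served JS
    findings = []
    for event in events:
        if event["host"] in trusted_hosts:
            continue
        is_js = (event["ctype"] == "application/javascript"
                 or event["path"].endswith(".js"))
        is_apk = event["ctype"] == APK_CTYPE or event["path"].endswith(".apk")
        if is_js:
            js_hosts_by_client[event["client"]].add(event["host"])
        elif is_apk and event["host"] in js_hosts_by_client.get(event["client"], set()):
            findings.append({
                "ts": event["ts"],
                "client": event["client"],
                "host": event["host"],
                "apk_url": event["url"],
            })
    return findings


if __name__ == "__main__":
    for finding in find_sideload_chains(parse_log(SAMPLE_LOG)):
        print(f"{finding['ts']} {finding['client']} fetched JS then APK from "
              f"{finding['host']}: {finding['apk_url']}")
```

In the constructed data only the first client trips the rule: it loaded a page, then myScript.js, then an APK from the same look-alike host. The Play Store download is ignored because its host is on the allow-list, and the last client fetched JavaScript but no package. In a real deployment the allow-list and the content-type checks would be tuned to the organisation's own traffic, and a hit is a prompt to inspect the device rather than proof of compromise.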
The worst part is that, at the time of writing, 3 out of the 5 discovered campaigns are still running, and the hacker group is probably updating AridSpy so that its attacks evade detection.
A Little About Arid Viper
Arid Viper has several other names. You might know it as Desert Falcons, APT-C-23, or Two-tailed Scorpion.
The cyber group has been active for more than a decade now and is known for mostly targeting countries in the Middle East. Israel and Palestine are its primary targets but its reach goes beyond that.
In 2022, the group used AridSpy to disrupt the FIFA World Cup that was held in Qatar.
The group has been linked to Hamas, a Palestinian militant group, but no solid evidence has been found of this connection. ESET researchers also didn't find any government connection with the group.
The Hamas-Israel war has brought a wave of social media misinformation with it. From false war scenes and deepfake videos to conspiracy theories and malign influences, almost all social media platforms are plagued with disinformation.
The EU had issued warnings to social media giants TikTok and Meta, warning them to combat the issue at the earliest. X’s content moderation regulations also received a lot of backlash for its inadequacies.
Although the misinformation seems to have subsided during the last few months, these cyberattacks still plague the internet atmosphere in the Middle East.