Syrian activists targeted by AntiHacker malware
AntiHacker malware being used to spy on activists and media
Activists in Syria are being spied on by surveillance software that is disguised as an anti-virus application, according to the Electronic Frontier Foundation (EFF).
The EFF is warning that activists and media have been targeted by the malware called ‘AntiHacker’, which appears to be an AV programme, CNET reports.
The malware purports to offer “Auto-Protect & Auto-Detect & Security & Quick scan and analysing [sic],” but in reality its payload is the DarkComet remote access trojan (RAT). The DarkComet RAT is capable of keystroke logging, remote access to web cams, disabling anti-virus and other security programs, and remote deletion of data.
AntiHacker has also established a Facebook page to lure victims.
EFF says that its analysis suggests the AntiHacker malware is the work of the same group that has launched several malware campaigns that used fake revolutionary documents, and a fake Skype encryption tool, all related to Syria.
This version of DarkComet is not detectable by any anti-virus software as of 1st August, 2012. However, it is detectable by the DarkComet RAT removal tool.
EFF said in a blog post: “Syrian Internet users should be especially careful about downloading applications from unfamiliar websites. The AntiHacker website showed many signs of being illegitimate, including prolific abuse of English spelling and grammar, but this campaign demonstrates that while Syrian activists are becoming more savvy about efforts to trick them into downloading malware, attackers are also becoming more sophisticated.”