The Merkle

Dark Caracal Malware Is a Threat to All Mobile Device Users

The electronic devices we use on a daily basis are very prone to hacks, theft, and other software-related issues. One particular security threat uncovered by the Electronic Frontier Foundation has researchers greatly concerned. A new type of malware designed to look like popular social messaging applications has already stolen gigabytes’ worth of data. This puts smartphones and some tablets at risk, but finding a solution to this threat may prove far more difficult than anyone would like.

Lebanese Malware Has Researchers Concerned

Any type of tool that is designed to steal sensitive information is of great concern to security researchers. That’s especially true when that software seemingly targets mobile device users, including lawyers, activists, journalists, and even military personnel. Any specific information obtained from any of these sources could be worth a lot of money to the right buyer. Stealing that information using malware that poses as either WhatsApp or Signal is a smart idea on the part of criminals, but a big problem for consumers all over the world.

The malware in question is mainly targeted at Android device users. Considering that Android is the world’s largest mobile OS, such a targeted campaign is anything but surprising. It seems the malware is known as Dark Caracal, and it appears to mimic the functionality of popular messaging applications. In the background, however, the malware steals one’s data, including call records, documents, audio recordings, and photos.

So far, Dark Caracal has made an impact in the US, Germany, France, Canada, and Lebanon. Do not underestimate the size of this threat, as researchers have discovered it to be a large-scale global campaign. Since mobile devices have become so commonplace, it is only normal that criminals will use sophisticated tools to target these devices. Mobile is now a primary target for criminals, which is a trend everyone should genuinely be worried about.

The security researchers also discovered that this particular malware may have been designed by Lebanese criminals. It is unclear if the Lebanese government has any relation to this project, but for now, nothing seems to indicate that is the case. The applications containing this malware were not found in or downloaded from the Google Play Store either. Instead, they were spread via third-party download sites and “ripped” APK files shared on social media as well as phpBB message boards.

Additionally, it seems Dark Caracal is not a new type of malware. A very similar variant was discovered in 2012, but tracking the progress this malware has made ever since has proven to be virtually impossible. There are so many espionage campaigns originating from the same domain names that this particular mobile malware dropped off the researchers’ radar entirely. This is a very worrisome trend, especially considering that these applications can be distributed on a global scale without too many repercussions.

For the time being, we will have to wait and see if the Lebanese government was indeed involved in this malware’s development. The obtained data could certainly give them a lot of information they wouldn’t be privy to otherwise. The targets are not picked randomly, though, which does indicate that a nation-state may be involved. Always download official applications from the Google Play Store and do not bother grabbing APK files from the internet.