Cyber-espionage and cyberwarfare are nothing new, and they are only going to become a larger presence in the years to come. Numerous world governments have strike forces specifically tasked with cyberattacks on foreign adversaries, and countering them is a focus for some InfoSec professionals. A recent case involves research from Lookout indicating that the Pakistani military is engaging in cyberwarfare aimed primarily at top officials in numerous governments.
The research was conducted by Lookout and compiled in a report that can be read here. Findings in the 29-page document detail a phishing campaign that uses a mobile malware family named "Stealth Mango." Stealth Mango is new to researchers; according to an interview Lookout gave to Threatpost, it first appeared on their radar around the middle of January 2018.
The malware is thought to be the work of freelancers contracted by the Pakistani military, and it is able to compromise physical devices on both the Android and iOS platforms. Downloads of fake, malicious apps appear to be the main source of infection, although other methods (such as watering hole URLs) are also employed. The primary targets of the Stealth Mango campaign are the governments of Afghanistan, India, Iraq, and the United Arab Emirates. Activists and certain members of government in Pakistan have also been targeted, and there have been indirect (i.e. not intentionally targeted) civilian infections in Iran, the United States, Australia, and the United Kingdom.
Lookout noted that the following data had been stolen as a result of the campaign:
- Letters and internal government communications
- Detailed travel information
- Pictures of IDs and passports
- GPS coordinates of pictures and devices
- Legal and medical documents
- Developer information including whiteboard sessions, account information, and test devices
- Photos of the military, government, and related officials from closed-door meetings, including U.S. Army personnel
While this malware was developed for cyber-espionage, it could easily be repurposed by black hats to steal data from non-government targets. Malware developed with military funding is going to be a cut above the rest in functionality and reach. For that reason, InfoSec professionals and civilians alike should be extra vigilant about what they download onto their mobile devices.