Pro-Assad malware targets Syria activists

Summary:A high-stakes and brutal form of cyberwarfare is being waged, on Facebook and elsewhere, by those in the service of the Syrian government against those in opposition.

A report released by the Electronic Freedom Foundation (EFF) and University of Toronto's Citizen Lab details malware attacks used by pro-Syrian government forces against the opposition.

A lure on Facebook for opposition to click on a link and download malware

The paper (embedded below), is co-authored by Citizen Lab security researchers Morgan Marquis-Boire and John Scott-Railton and EFF Global Policy Analyst Eva Galperin.

The image nearby is taken from a post to the Facebook page of the pro-opposition Revolution Youth Coalition on the Syrian Coast. [WARNING: As we report here, there have been malicious links on this page in the past. Proceed with caution.] The post, which tells the story of the killing of an opposition commander, includes a link to what it claims is a video related to the conflict. In fact, the link downloads malware, a remote access tool known as Bladakindi or njRAT. "RAT" in the context of malware is a Remote Access Tool, used for logging keystrokes and taking screenshots on the victim's system. The attackers seem to have taken over the Facebook page, because comments to the post which warned of malware in it were subsequently removed. For more details read the report.

Another example cited by the report describes an email sent to an administrator of an NGO. It includes a link to a video showing the brutal murder of a civilian. The video is actually an executable program which also drops a RAT on the system. Other related email campaigns are described in the report.

Hat tip to Bruce Schneier.

Topics: Security


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.