Syria pushing malware via Skype to spy on activists

Syria pushing malware via Skype to spy on activists

Summary: The Syrian government has been found to be using at least one type of remote access tool (RAT) to spy on activists. The attack in question came in the form of a Skype chat and a malicious link.

SHARE:

F-Secure recently received a hard drive image from a woman in Syria who suspected her computer had been compromised. The security firm analyzed the drive's contents and discovered evidence of a targeted attack that used a malicious Skype chat link to install a copy of the Xtreme remote access tool (RAT).

While this particular RAT tool is widely and commercially available online, it has not been linked to government attacks until now. Still, it's not uncommon for such infiltrations to use commodity malware, as it provides cover for governments; if you figure out you're infected, it will just look like a regular Trojan that might be used to steal banking information, not spy on you.

The typical scenario for such an attack is a chat session between opposition members. Regime supporters either masquerade as opposition members or actually use the accounts of opposition members who have been arrested. All that it takes is a malicious link sent from the right person and many activists have their machines infected.

In fact, that's exactly what happened with the activist who supplied her hard drive to F-Secure. She became suspicious after realizing her chat partner had been in custody at the time their chat took place.

It all started with a Skype session initiated from the account of a fellow activist who had been taken into custody. The discovered backdoor calls home to the IP address 216.6.0.28, which belongs to Syrian Arab Republic — Syrian Telecommunications Establishment (STE).

The ongoing massive uprising in Syria began in January 2011, as part of the wider Arab Spring. The opposition is dominated by Sunni Muslims, whereas the leading government figures are Alawite Muslims.

Protesters are demanding the resignation of President Bashar al-Assad, want to overthrow his government, and are looking to end nearly five decades of Ba'ath Party rule. In response, the Syrian government has deployed the Syrian Army, resulting in the death of 9,000 to 11,000 civilians and soldiers. Many more have been injured, and tens of thousands of protesters have been imprisoned.

In addition to armed forces, the Syrian government is also pushing various types of online attacks. We've already heard reports of Facebook phishing attacks and fake YouTube sites with malware targeting Syrian activists. Now Skype is being leverages as well.

Egyptian, Iranian, and Syrian governments using malware to spy on their citizens is nothing new. Nevertheless, it's still a worrying trend.

See also:

Topics: Government, Banking, Google, Malware, Security

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • The EFF Blogged About This Two Months Ago

    Note that this is the same malware:

    https://www.eff.org/deeplinks/2012/03/how-find-syrian-government-malware-your-computer-and-remove-it
    headhntr
  • Syrian wikileak files

    I got into your site hoping to read some of the Syrian files released by WikiLeaks, but I only found short articles on the fact that they had, indeed released the files. That does me no good. Also, The Assad regime needed to go. This is beyond question. However, do you have any articles pointing to the atrocities committed by many of the so called opposition? In the search for truth, we must put up all sides of an equation (if we have it, that is). Admittedly, the originial protesters in Syria over a year ago were true patriots and nonviolent activists. What infiltrated them almost immediately were foreigners of dubious nationalities with money from now familiar sources. This is what we need to uncover. What is the true role of the U.S. and Israel in this sorry human tragedy on the Syrian peoples? Again, the Syrian regime did have to change, but did it have to go the way of Libya with a band of criminals of dubious origins killing innocent children and women just to prove to the West that they should get involved? Who are the behind the scene players and what is their reasoning.
    timoteo1977