Pro-Assad malware targets Syria activists

Summary: A high-stakes and brutal form of cyberwarfare is being waged, on Facebook and elsewhere, by those in the service of the Syrian government against those in opposition.

TOPICS: Security

A report released by the Electronic Frontier Foundation (EFF) and University of Toronto's Citizen Lab details malware attacks used by pro-Syrian government forces against the opposition.

A lure on Facebook for opposition to click on a link and download malware

The paper (embedded below) is co-authored by Citizen Lab security researchers Morgan Marquis-Boire and John Scott-Railton and EFF Global Policy Analyst Eva Galperin.

The image nearby is taken from a post to the Facebook page of the pro-opposition Revolution Youth Coalition on the Syrian Coast. [WARNING: As we report here, there have been malicious links on this page in the past. Proceed with caution.] The post, which tells the story of the killing of an opposition commander, includes a link to what it claims is a video related to the conflict. In fact, the link downloads malware, a remote access tool known as Bladabindi or njRAT. "RAT" in the context of malware is a Remote Access Tool, used for logging keystrokes and taking screenshots on the victim's system. The attackers seem to have taken over the Facebook page, because comments on the post that warned of malware in it were subsequently removed. For more details, read the report.

Another example cited by the report describes an email sent to an administrator of an NGO. It includes a link to a video showing the brutal murder of a civilian. The video is actually an executable program which also drops a RAT on the system. Other related email campaigns are described in the report.

Hat tip to Bruce Schneier.


Talkback

7 comments
  • More patriotic hacking

    The question is, is it really independent, or is it directed by the Baath Party (directly or through the government)? I've long suspected the latter.

    Totalitarian states don't like independent civil society and repress it to the extent that they can (there are exceptions, but they're rare and they almost always involve religious institutions such as the Roman Catholic Church). Syria does not appear to be an exception.
    John L. Ries
    • outsourcing

      It's all speculation, but it would make sense I think for Syrian security forces to pay outsiders for intelligence like this on activists. It's clearly the most efficient route and gives them more time for the physical aspects of repression.
      larry@...
    • good...

      looks like syria is winning on electronic warfare also, just on the ground.
      deathtoms
  • Syrian Activists? Seriously? You're going to

    run with that? These rebels are Al Qaeda. This is yet another middle eastern conflict with no good guys.
    baggins_z
    • Apparently some of them are...

      ...but not all. If all this was was a fight between fascists (which is what Baathists really are) and islamists then it would behoove the rest of the world to stay out, but there do appear to be democratic elements as well.

      And no, I definitely don't think the US should intervene on behalf of the existing government.
      John L. Ries
      • 5% are domestic rebels...

        ...the rest are dragged from all over the world.
        deathtoms
        • You took a survey?

          How was it conducted?
          John L. Ries