Hundreds of Israeli troops have fallen prey to a ransomware scam organized by the radical Hamas organization, which loaded malware onto their phones.

A spokesperson for Israel’s military confirmed that the troops were sent false photos of young people in an attempt to trick them into using an app that could hack their smartphones without their knowledge. According to Lieutenant Colonel Jonathan Conricus of Israel, this was Hamas’ third effort to hack Israeli soldiers’ smartphones in recent years, and it was perhaps the most advanced yet.

Honey trap:

Israeli soldiers were fooled into a backdoor deployment by Hamas. Hamas’ new plan began with hackers claiming to be teenage girls with poor online Hebrew. To seem persuasive nonetheless, the hackers claimed to be refugees, or to have sensory or hearing impairments.

Once the troops were comfortable with them, the ‘girls’ would send links that they claimed would let them share images. However, clicking the links allegedly downloaded malware onto the soldiers’ smartphones.

The malware also gave the hackers access to all of the data on the soldiers’ phones, including their address, images and contact details.

The Israel Defense Forces (IDF) discovered Hamas’ plan many months earlier; however, according to Conricus, they allowed it to continue under control until the project was finally shut down.

Profiles:

Several soldiers fell for the scheme, but the IDF said it was identifying the viruses, monitoring the ransomware, and then taking down Hamas’ hacking network.
The IDF said that Hamas agents built profiles on Twitter, Snapchat, Facebook, and Telegram and then threatened IDF soldiers.

Hamas members also posed as recent Israeli refugees to conceal their lack of understanding of the Hebrew language, according to IDF spokeswoman Brigadier General Hild Silberman.

IDF inspectors reported that they have tracked the profiles of six intruders (posing as girls) featured in the new social engineering drive. The profiles were named:

  • Sarah Orlova
  • Maria Jacobova
  • Eden Ben Ezra
  • Noa Danon
  • Yael Azoulay
  • Rebecca Aboxis

Finally, troops who engaged in the conversations were lured into downloading one of three chat apps for the sake of exchanging pictures:

  • Catch & See
  • Grixy
  • Zatu

Gen. Silberman said that by displaying a crash alert, the applications would give the illusion that they could not run on the soldiers’ phones. The applications would then delete their icons from the soldier’s device, tricking the user into believing the software itself had been uninstalled.

The software would still run in the background, however. The malicious programs would then exfiltrate images, SMS messages, emails, and more. The apps would also be able to install other malware on the smartphone, monitor the geolocation of the phone in real time and even take screenshots via the phone’s camera.

Check Point traced the new malware strains to a group identified under the codename APT-C-23, active since the summer of 2018.