Hamas Spied On Israeli Soldiers Through Malware-laden Messaging App

The Israeli Defense Force recently announced several of their soldiers have fallen victim to a Facebook-oriented malware attack. Allegedly, a group of Hamas operatives used social engineering to trick the soldiers into installing malicious apps onto their phones. Through these malware-laden files, Hamas operatives could eavesdrop on conversations and other types of communication. As innocent as a friend request on Facebook may seem to be, one never knows it’s true intentions.

Using Malware To Spy On Soldiers

It has to be said, the Hamas operatives used a coy strategy to execute their social engineering strategy. By sending fake friend requests to Israel Defense Force soldiers, the attack proved to be quite effective. Hamas operatives made fake Facebook accounts to make the requests resemble coming from attractive women with an interest in men in uniform.

Moreover, all of these “women” sent pictures of themselves to the soldiers once their friend request was accepted. They also engaged the defense forces in active conversations, during which they kept the social engineering attack going. Although all the photos are indeed real, they were stolen from other people’s social media accounts.

It did not take long for these “new Facebook friends” to take things to the next level. Israeli soldiers were asked to download a new messaging app, called Wowo Messenger. This new platform would be used for more private and intimate conversations between the soldiers and their new friends. As most of these soldiers were driven by something other than their brain at that time, quite a few of them downloaded the malware-laden application.

Wowo Messenger would turn the soldiers’ phones and tablets into devices that can be used to eavesdrop on all types of communication. Among the data ready to be accessed by a third party are contacts, location information, pictures, and applications. Moreover, these devices can be hijacked to stream video and audio through the camera and microphone.

Thankfully, the IDF caught wind of this new attack vector rather quickly, even though a lot of damage had been done already. Hamas was successful in their attempts to infiltrate phones of several soldiers. It is unclear how much and what type of data has been retrieved from these devices, though. Social engineering remains a very effective way to achieve one’s goals with relative ease.

Even the people trained to spot these types of online attack vectors can fall victim to these tactics. A few chat messages and a friend request from a pretty face can affect both men and women equally. Being part of the army can be lonely at times, which creates an emotional attack vector. Then again, these IDF soldiers were found through public information which revealed they were in active service, which is rather troublesome in itself.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.