Phishing Spy Campaign Targets Top Middle East Officials

Researchers have discovered a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East.

Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over 30 gigabytes of compromised data on attacker infrastructure, including call records, audio recordings, device location information and text messages.

“These tools have been part of a highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military,” Lookout researchers said in a report. “Our investigation indicates this actor has used these surveillance-ware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals and civilians.”

Once a device is infected with Stealth Mango, the malware initially uploads all data from an infected device and then tracks all changes that occur as soon as they happen. This includes installed device information, changes in SIM cards on the device, pictures and audio stored on the device and contact lists.

Stealth Mango has been evolving over the months; in February 2018, for instance, the tool also showed functionality like key-logging, screenshot captures and screen-record functionality; the ability to track victims in real time; and the ability to access the message databases of third-party social media applications.

Lookout told Threatpost that a “ballpark figure” of around 100 unique devices were impacted by the targeted surveillance operations, including those of government officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq and the United Arab Emirates. Data of officials from other countries, like the U.S. and Germany, have also been swept up in the campaign.

Lookout said it believes the threat actor behind Stealth Mango is also behind the Operation Transparent Tribe and Operation C-Major campaigns, which targeted Indian embassies in Saudi Arabia and Kazakhstan, as well as the Indian military.