Cyber-attacks against Palestinian government and civilians

Aug 10th, 2018
-------#1 Cyber-attacks against Palestinian government and civilians-------

------Reference-----

[1] https://blog.lookout.com/frozencell-mobile-threat

----- Introduction -----
Over the last few months, there have been many publications concerning cyber-attacks against our Palestinian brothers. I have investigated these attacks since they were first reported [1]. As part of my research, I tracked the attack servers and retrieved a lot of information stolen from the victims.
In the past few hours, there have been reports in the media about the attack. I saw one of the messages described in the reports, and I think it's the same attackers I tracked. I wasn't ready to publish my research yet, but I have to share a few things, to warn you and show you all how the attackers have been spying against our brothers.
These sloppy attackers do not understand much about security. I found many things in their servers - this is only a small piece of the information that I have. Watch out, your private data belongs to them!
Notice what they seem to find interesting on their victims' cellphones - pictures of women and children. Out of respect for the victims' privacy, I have blurred the faces of the victims and deleted personal identifying information.
I also found the list of victims, including their passwords, pictures and a lot more.
Interestingly, some of the victims seem to be the attackers themselves. Such a shame. Here are some pictures from the servers that I have.
According to the list of victims I found on the servers, most of their IP addresses are in the West Bank and Gaza Strip (approximately 80%) and there are also victims from Egypt, Jordan and Lebanon. The attack is clearly against our Palestinian brothers.
Here is a link to a geo map with the victim distribution:

https://anonfile.com/Q6v9J3f0b3/123456.png

------Pictures and more examples--------

Include links for some pictures of the victims that I got from the servers

https://anonfile.com/TbvbJdfab9/4_1.jpg
https://anonfile.com/Xcv6J1fbb7/5_1.jpg
https://anonfile.com/b9waJ6f1be/10_1.jpg
https://anonfile.com/f8wbJ1fbb7/12_1.jpg

Include links for some screenshots uploaded by the malware

https://anonfile.com/i0w8J0fabd/1.jpg
https://anonfile.com/k9w3Jbfabf/7.jpg
https://anonfile.com/m2w5Jbf0b2/9.jpg
https://anonfile.com/uew4Jfffb5/10.jpg

-----Removal tool of the malicious app ------

While investigating the attackers' tools, I also wrote a simple tool that removes the malicious application from a victim's cellphone.

https://github.com/r0binh00d31337/Robin-Hood

Anyone who suspects that he is one of the victims, press the link to download the removal tool. It requires a one-time installation and it will remove the malicious application automatically.

Feel free to look at the source code and develop it more, if you wish.