daily pastebin goal

Cyber-attacks against Palestinian government and civilians

0R0binH00d0 Aug 10th, 2018 (edited) 527 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. -------#1 Cyber-attacks against Palestinian government and civilians-------
  3. ------Reference-----
  5. [1] https://blog.lookout.com/frozencell-mobile-threat
  7. ----- Introduction -----
  8. Over the last few months, there have been many publications concerning cyber-attacks against our Palestinian brothers. I have investigated these attacks since they were first reported [1]. As part of my research, I tracked the attack servers and retrieved a lot of information stolen from the victims.
  9. In the past few hours, there have been reports in the media about the attack. I saw one of the messages described in the reports, and I think it s the same attackers I tracked. I wasn't ready to publish my research yet, but I have to share a few things, to warn you and show you all how the attackers have been spying against our brothers.
  10. These sloppy attackers do not understand much about security. I found many things in their servers - this is only a small piece of the information that I have  watch out, your private data belongs to them!
  11. Notice what they seem to find interesting on their victims  cellphones - pictures of women and children. Out of respect for the victims  privacy, I have blurred the faces of the victims and deleted personal identifying information.
  12. I also found the list of victims, including their passwords, pictures and a lot more.
  13. Interestingly, some of the victims seems to be the attackers themselves. Such a shame  Here are some pictures from the servers that I have.
  14. According to the list of victims I found on the servers, most of their IP addresses are in the West bank and Gaza strip (approximately 80%) and there are also victims from Egypt, Jordan and Lebanon. The attack is clearly against our Palestinian brothers.  
  15. Here is a link to Geo map with the victim distribution
  17. https://anonfile.com/Q6v9J3f0b3/123456.png
  19. ------Pictures and more examples--------
  21. Include links for some pictures of the victims that I got from the servers
  23. https://anonfile.com/TbvbJdfab9/4_1.jpg
  24. https://anonfile.com/Xcv6J1fbb7/5_1.jpg
  25. https://anonfile.com/b9waJ6f1be/10_1.jpg
  26. https://anonfile.com/f8wbJ1fbb7/12_1.jpg
  28. Include links for some screen shots uploaded by the malware
  30. https://anonfile.com/i0w8J0fabd/1.jpg
  31. https://anonfile.com/k9w3Jbfabf/7.jpg
  32. https://anonfile.com/m2w5Jbf0b2/9.jpg
  33. https://anonfile.com/uew4Jfffb5/10.jpg
  36. -----Removal tool of the malicious app ------
  38. While investigating the attacker's tools, I also wrote a simple tool that removes the malicious application from a victim cellphone.
  40. https://github.com/r0binh00d31337/Robin-Hood
  42. Anyone who suspects that he is one of the victims, press the link to download the removal tool. It requires a one-time installation and it will remove the malicious application automatically.
  44. Feel free to look at the source code and develop it more, if you wish.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand