- -------#1 Cyber-attacks against Palestinian government and civilians-------
- ------Reference-----
- [1] https://blog.lookout.com/frozencell-mobile-threat
- ----- Introduction -----
- Over the last few months, there have been many publications concerning cyber-attacks against our Palestinian brothers. I have investigated these attacks since they were first reported [1]. As part of my research, I tracked the attack servers and retrieved a lot of information stolen from the victims.
- In the past few hours, there have been reports in the media about the attack. I saw one of the messages described in the reports, and I think it's the same attackers I tracked. I wasn't ready to publish my research yet, but I have to share a few things, to warn you and show you all how the attackers have been spying against our brothers.
- These sloppy attackers do not understand much about security. I found many things in their servers - this is only a small piece of the information that I have. Watch out, your private data belongs to them!
- Notice what they seem to find interesting on their victims' cellphones - pictures of women and children. Out of respect for the victims' privacy, I have blurred the faces of the victims and deleted personal identifying information.
- I also found the list of victims, including their passwords, pictures and a lot more.
- Interestingly, some of the victims seem to be the attackers themselves. Such a shame. Here are some pictures from the servers that I have.
- According to the list of victims I found on the servers, most of their IP addresses are in the West Bank and Gaza Strip (approximately 80%) and there are also victims from Egypt, Jordan and Lebanon. The attack is clearly against our Palestinian brothers.
- Here is a link to a geo map with the victim distribution
- https://anonfile.com/Q6v9J3f0b3/123456.png
- ------Pictures and more examples--------
- Include links for some pictures of the victims that I got from the servers
- https://anonfile.com/TbvbJdfab9/4_1.jpg
- https://anonfile.com/Xcv6J1fbb7/5_1.jpg
- https://anonfile.com/b9waJ6f1be/10_1.jpg
- https://anonfile.com/f8wbJ1fbb7/12_1.jpg
- Include links for some screen shots uploaded by the malware
- https://anonfile.com/i0w8J0fabd/1.jpg
- https://anonfile.com/k9w3Jbfabf/7.jpg
- https://anonfile.com/m2w5Jbf0b2/9.jpg
- https://anonfile.com/uew4Jfffb5/10.jpg
- -----Removal tool of the malicious app ------
- While investigating the attacker's tools, I also wrote a simple tool that removes the malicious application from a victim's cellphone.
- https://github.com/r0binh00d31337/Robin-Hood
- Anyone who suspects that he is one of the victims, press the link to download the removal tool. It requires a one-time installation and it will remove the malicious application automatically.
- Feel free to look at the source code and develop it more, if you wish.