The Tech Herald

Syrian activists targeted by Phishing campaigns and malware

by Steve Ragan - Mar 16 2012, 13:00

Syrian activists targeted by Phishing campaigns and malware.(IMG:J.Anderson)

Activists in Syria were targeted by a Phishing scheme recently, via a false YouTube page, which targeted usernames and passwords in addition to pushing malware. It’s believed that the attackers were pro-government, if not part of the regime itself.

The EFF reported on Thursday that the Phishing page, which has been taken down, targeted Syrian activists searching for current information and related news. The page itself replicated YouTube, and required that the visitor enter in their YouTube username and password in order to leave comments.

Video viewing on the page presented the user with an update to Adobe Flash Player, which if installed allows attackers from a Syrian IP to push additional malware onto the system.

Last week, the EFF also reported on the discovery of XtremeRAT. The Trojan spreads via email and chat messages, and was discovered on systems used by Syrian activists. It has the ability to capture webcam activity, record keystrokes, password sniffing and more. In addition, XtremeRAT can disable notifications from some AV vendors. Any information collected was sent to a server using a Syrian IP.

According to Reporters Without Borders, Syria already had a strong censorship stance on the Internet before the revolution started in 2011, but it has only gotten worse.

Skype and Mumble are the two of the more popular methods activists use to share news and show the world images from a nation on the brink of civil war. So the discovery of XtremeRAT was both shocking and expected. Those familiar with the state of the Web in Syria knew it wouldn’t be long before Assad’s regime expanded their monitoring and censorship efforts.

“EFF is deeply concerned about this pattern of pro-government malware targeting online activists in authoritarian regimes. We will continue to keep a close eye on future developments in this area,” the organization said in a blog post.

Around the Web

Comment on this Story

comments powered by Disqus

From Autosaur.com

Formula E ‘FanBoost’ Voting Opens For Second Race Of Season

Voting for the FanBoost part of the next FIA Formula E race is now open — where fans can vot...

300 Miles From One Gallon And No, That’s Not A Typo

Imagine you’re in a bar and a guy walks up and asks if you’d be interested in buying a car t...

2015 Nissan Pathfinder Prices and Specs

Nissan has announced pricing and specs for the 2015 Nissan Pathfinder. The SUV, which is on ...

Miami ePrix Circuit Revealed

The FIA Formula E Championship has revealed the layout for the Miami ePrix circuit. Formula ...

Two DeLoreans And A Replica Jaguar C Type On Scottish Classic Car Run

The Kirkintilloch & District Classic Vehicle Club’s annual run to Glencoe in Scotland is...