Pentest specialists report that Hamas has been accused of leading an elaborated spyware operation designed to involve Israeli Defense Force (IDF) soldiers to download malicious applications.
A large number of soldiers from Israeli forces have been contacted for alleged false profiles on social networking sites in what the military call Operation Broken Heart.
After establishing a good relationship with the soldiers via WhatsApp, the fake profile regularly sends them a link to download apps with malicious content. Links include dating apps with names like GlanceLove and others with live matches and results from the World Cup, such as Golden Cup.
A suspicious profile with an Israeli number attached, belonged to a supposed “Lina Kramer” was discovered last January. The attackers often try to hide their deficient dominance of the Hebrew language by saying that they are immigrants, as pentest experts reported.
“By the time the first attacker approached us, we had already begun to receive dozens of reports of soldiers about suspicious profiles and applications on social networks” said the colonel in charge of the Department of Information Security of the Israeli Defense Forces.
“After investigating the reports, we discovered a hostile infrastructure that Hamas tried to use to keep in touch with IDF soldiers and tempted them to download the harmful apps, using the soldiers to gain access to classified information”, the IDF’s information security department reported.
According to pentest specialists, these apps are loaded with Trojan malware capable of turning on the microphone and camera, accessing photos, phone numbers and email addresses of soldiers who are established near the Palestine border, and even collect information on those military bases.
The Israeli Army’s Department of Information Security has updated its guide for soldiers because of the Operation Broken Heart and is reported to be also sending fake messages to the soldiers in an attempt to raise awareness of the dangers of connecting with strangers online.
The International Institute of Cyber Security claims that such scams are highly practiced to obtain information from smart devices users.