What is Dark Caracal?
Dark Caracal is a malware and spyware campaign implemented through the distribution of fake trojan apps for Signal and WhatsApp designed to steal your personal and private information.
Trojanized apps are designed to look, act and feel like the real thing. They are fake apps that pretend to be the real, trusted versions of the same apps.
If you’ve loaded these apps on your device from the Google Play store then you are probably safe, but the majority of those impacted received an email invite that was deliberately sent to them in a spear-phishing campaign designed to specifically target them. This campaign has affected military personnel, law enforcement, lawyers and journalists among others.
The spear-phishing campaign directed recipients through email to visit carefully crafted fake Android app-store pages. This means the attackers found a more insidious way to distribute fake Android apps. iOS is not affected because iOS apps can only be installed through the Apple App Store.
The fake apps have been carefully designed to look like the real ones, so the victims may only detect the threat by how they were installed or by the information being requested. The malicious versions often ask for excessive personal information that can be used later in other attacks.
Analysis of this threat has revealed important information about the behavior of organized crime and how nation-states and other skilled hackers may carry out high-end phishing attacks against a target.
This is a great example of how most modern threats require the willful participation of a user to breach a device or steal vital information. The most dangerous aspect of these threats is how the attackers gain the participation of a user.
Basic steps for protecting yourself from this malware are essentially the same as for other phishing attempts. You should be wary of any emails asking you for sensitive information or tricking you into clicking on a link, or opening images and documents that might infect your computer.
We recommend that you always seek confirmation from the sender outside of electronic communications when receiving a suspicious or unexpected invitation or email soliciting actions that could affect your computer or privacy.
Always keep an eye out for links, emails or apps pretending to be something that they aren’t. Make sure that you share information with your friends and colleagues when necessary to protect them if you feel you’ve been compromised or have identified a threat. Teamwork and awareness will help us reduce these threats and better protect our online lives.