Assad regime using coronavirus apps to plant spyware on Syrians

The Syrian regime has begun conducting a hacking campaign against Syrian citizens and smartphone users by distributing coronavirus-themed apps that serve as spyware, a cybersecurity firm has discovered.

According to the US-based company Lookout, over the past month hackers affiliated with the Syrian regime of President Bashar Al-Assad have used at least 71 new malicious apps for Android mobile devices, luring users with content related to the coronavirus pandemic. The applications then enable regime intelligence to capture the user’s location, messages, pictures, videos, audio and contacts.

The firm’s Senior Security Intelligence Engineer Kristen Del Rosso told the media outlet CyberScoop: “If your device is infected and someone is monitoring you because you’re a dissident, a rebel, a journalist, they now then know who you’re talking to, where you’re going, who you might meet up with.”

Del Rosso stated that the campaign is part of the intelligence operations the regime has long conducted on the Syrian population, and that “This is an ongoing campaign that has used a variety of application titles.” She added that “as with any major political event, economic event, health event — a new crisis gives actors something new to talk about to infect people [with malware].”

Syria has already reported its first cases of the worldwide pandemic, with 33 infections and two deaths, according to official figures, though many speculate that the true number of cases is much higher and is being concealed by the regime.

Apart from fears of the virus spreading to the refugee camps in the north-west province of Idlib and infecting millions of Syrians displaced by the ongoing nine-year conflict, another concern is now this renewed surveillance campaign launched by the regime, which could reach beyond the regime-held territories and into liberated areas.

Researchers at Lookout reportedly discovered the Syrian regime’s surveillance attempts because the apps’ command-and-control servers are located in a block of addresses owned by the internet service provider Tarassul, which in turn is owned by the Syrian Telecommunications Establishment (STE). Furthermore, STE has previously been found to provide infrastructure to the state-backed hacking group called the Syrian Electronic Army (SEA).

Methods similar to the Assad regime’s new form of cyber-surveillance have also emerged in other Middle Eastern countries during this pandemic. One suspected example is Iran, where the Ministry of Health encouraged citizens in March to install an app which presented itself as a detector of coronavirus symptoms but which was alleged to be spyware. Another app, which presented users with a map tracking coronavirus cases, was also launched last month but was discovered to be a cover for spyware which enabled hackers based in Libya to spy on users through their microphones and cameras.