There is a global malware campaign that is targeting mobile devices across the world. It is called Dark Caracal, which is believed to be sourced in Beirut by the Lebanese General Security Directorate. According to security researchers, attacks on mobile devices are on the rise because people are using their smartphones more than they are using laptops or desktop computers, and there is more information on smart phones than on other devices.
The malware is disguised as a messaging app like Signal and WhatsApp. It asks the user to give it permission to take photos, access the microphone, and location based services, and the user is tricked into believing that it is a real app, and as the user always does, clicks “yes” to every pop-up that a new app presents, which then gives the intruders full access to the phone. According to the researchers, this app is not “exploiting a code’s vulnerabilities, it’s exploiting a person’s vulnerabilities.” We can be our own worst enemy.
The good news is that the Google and Apple app stores are working hard to keep these apps out of its stores, but the same is not true for third-party app stores. Dark Caracal spread by advertising on websites and group sites. The tip is not to download an app through a third-party app store.
Another tip is to apply any security patches issued by a manufacturer as soon as possible. According to a report issued by the FTC late last month, individuals are not patching vulnerabilities to their smartphones quickly enough and are becoming victims of already disclosed vulnerabilities because they are not updating their phones with security patches issued by manufacturers.
So next time your phone asks you to update to the next operating system, don’t say “later.” Do it now.