Facebook Messenger exploited as a vector to launch cyber attacks. Avast: hackers use it to spread the “Tempting Cedar Spyware”
A new campaign of cyber attacks involving Facebook seems to be underway in Italy too. Many Italians have received messages from trusted contacts that contain a link to what seems to be a video. The target is asked to check whether it is really him or her in the footage. Be careful, it’s a trap. The operation is meant to persuade the unaware user to download malware. Avast researchers, who analyzed this phenomenon, dubbed it “Tempting Cedar Spyware”. Once installed, it steals the victim’s personal information, such as contacts, call logs, SMS and device data. The malware is also able to record its surroundings, including conversations within range of the infected device. Apparently, Lebanese hackers were behind the campaign of cyber attacks via social media. It is still unclear, though, whether they are cybercriminals or whether they are using social engineering to conduct cyber espionage and cyberwarfare activities.
Trusted contacts and beautiful women are the bait. Israel is the most affected country, but not the only one. The hacker offensive is targeting Italy as well
The cyber attacks via Facebook do not use only the profiles of trusted users from the victim’s contact list. The target also receives messages of appreciation from unknown users, usually attractive women. They ask the victim to click on a link to download an app in order to continue the conversation. It is actually a trap. The software is in fact the so-called “Tempting Cedar Spyware”, disguised as the popular Kik Messenger app. Moreover, the Lebanese hackers behind those fake profiles used some stratagems to make them more credible. The first trick to make the profiles look real consists of making them interact with others. As Avast discovered, those interactions actually take place within the same circle of fake profiles. As for the victims, it has been found that some of them are from the US, France, Germany, China, and Italy. I say this from personal experience, since I am also among those who have received such messages. The majority of the victims, though, seem to be located in the Middle East, Israel in particular.