Syrian dissidents besieged by malware attacks

Under the guise of protecting users' computers from cyberattacks, AntiHacker instead infects computers with spyware. And its main target: Syrian activists.

What AntiHacker looks like when it is being installed on a computer. Electronic Frontier Foundation

As the Syrian civil war continues to escalate, pro-government forces are allegedly carrying out a cyberwar against local dissidents.

Syrian activists, journalists, and government opposition groups are under a barrage of targeted malware attacks, according to the watchdog group Electronic Frontier Foundation. What this malware does is deceptively install surveillance software into a computer under the guise of protecting the computer from viruses. Its name is AntiHacker.

Once the malware is installed in the computer, with promises to "Auto-Protect & Auto-Detect & Security & Quick scan and analysing [sic]," it actually begins to spy on the user. Using a remote access tool called DarkComet RAT the attacker can watch the user's every move with a Webcam, while also disabling any antivirus programs, stealing passwords, deleting data, and more. Once the user has run the program a pop-up appears that says, "You PC is Protect now thank for using our Product [sic]."

AntiHacker has various ways of reaching out to users, including a Facebook group used to lure in potential targets, according to EFF.

"Syrian Internet users should be especially careful about downloading applications from unfamiliar websites," EFF's international freedom of expression coordinator Eva Galperin wrote in a statement today. "The AntiHacker website showed many signs of being illegitimate, including prolific abuse of English spelling and grammar."

This is not the first time that Syrian activists have come under cyberthreat. In May, a Trojan targeted dissidents in both Syria and Iran tracking users that attempted to evade government censorship. This Trojan carried a payload of malware that captured usernames, IP addresses, and hostnames of users; it also recorded any keystrokes entered.

The version of DarkComet that AntiHacker is running is not yet detectable by any antivirus software, according to EFF. However, users can use the DarkComet RAT removal tool to determine whether their computers are infected and then remove the malware.

About the author

Dara Kerr, a freelance journalist based in the Bay Area, is fascinated by robots, supercomputers and Internet memes. When not writing about technology and modernity, she likes to travel to far-off countries.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Find Your Tech Type

Take our tech personality quiz and enter for a chance to win* high-tech specs!