As the Syrian civil war continues to escalate, pro-government forces are allegedly carrying out a cyberwar against local dissidents.
Syrian activists, journalists, and government opposition groups are under a barrage of targeted malware attacks, according to the watchdog group Electronic Frontier Foundation. The malware, named AntiHacker, deceptively installs surveillance software on a computer under the guise of protecting it from viruses.
Once the malware is installed on the computer, with promises to "Auto-Protect & Auto-Detect & Security & Quick scan and analysing [sic]," it actually begins to spy on the user. Using a remote access tool called DarkComet RAT, the attacker can watch the user's every move with a webcam, while also disabling any antivirus programs, stealing passwords, deleting data, and more. Once the user has run the program, a pop-up appears that says, "You PC is Protect now thank for using our Product [sic]."
AntiHacker has various ways of reaching out to users, including a Facebook group used to lure in potential targets, according to EFF.
"Syrian Internet users should be especially careful about downloading applications from unfamiliar websites," EFF's international freedom of expression coordinator Eva Galperin wrote in a statement today. "The AntiHacker website showed many signs of being illegitimate, including prolific abuse of English spelling and grammar."
This is not the first time that Syrian activists have come under cyberthreat. In May, ain both Syria and Iran tracking users that attempted to evade government censorship. This Trojan carried a payload of malware that captured usernames, IP addresses, and hostnames of users; it also recorded any keystrokes entered.
The version of DarkComet that AntiHacker is running is not yet detectable by any antivirus software, according to EFF. However, users can use the DarkComet RAT removal tool to determine whether their computers are infected and then remove the malware.