Syrian Cybercriminals Target Activists Through Social Media


Malware targeting activists who oppose the regime of embattled Syrian president Bashar al-Assad is growing increasingly numerous, organized and sophisticated, according to a new cybersecurity industry report.

The Kaspersky Labs study found that the malware attacks rely heavily on social engineering to extend the reach of the malicious software. One technique used by the cybercriminals is to include in social media messages a document that was supposedly leaked by someone within the Assad government and that contains a secret list of the names of those wanted by the regime, Threatpost reported.

Another fake document claims to hold information about the use of chemical weapons, while a scheme involving YouTube videos of the conflict encourages viewers to download popular communication tools like WhatsApp.

In reality, all of the files being downloaded are malicious software. In the case of the phony documents, the victims are downloading remote access tools, while the YouTube videos trick people into downloading trojanized versions of legitimate applications.

Hundreds of Malicious Files in Use
According to the report, 110 distinct malicious file packages were identified, as well as almost 50 IP addresses associated with the spread of the malware campaign. Nearly all of the samples found were remote access tools and are being distributed by members of a network of cybercriminals that appear to be associated with the Assad regime.

Remote access Trojans, or RATs, are capable of fully taking over an infected system, giving attackers the ability to steal credentials, activate microphones and cameras, and perform any other function the compromised device supports. In this case, once a machine has been infected, the attackers use information found on it to continue deploying malware through applications like Skype. The cybercriminals feed off a fear of data breaches and pretend to be the owner of the device, offering RATs disguised as security tools to the owner’s contacts.

The RATs being used in the malware scheme are identifiable by most antivirus programs, but the cybercriminals are utilizing a number of techniques to remain undetected, International Business Times reported.

“Although most of these samples are known, cybercriminals rely on a plethora of obfuscation tools and techniques in order to change the malware structure so as to bypass signature scanning and avoid antivirus detection,” stated the report.

According to researchers, certain samples of malware were found to have been downloaded more than 2,000 times. The victims targeted by the cybercriminals are primarily located in the Middle East, but some in the United States have also been found to be affected by the campaign.

Protecting Against Malicious Software
As malware schemes targeting social media users become more prevalent, enterprises need to become increasingly aware of the types of security defenses they utilize. Employees will always be checking social media, and if a popular link leads to disastrous malware, the entire network could be compromised.

Reliable ways to protect against downloading malicious software are employee education, proper policy and the use of strong authentication. Identifying which website certificates are legitimate and blocking access to those without authentic credentials can dramatically increase enterprise security and reduce the threat of malware.

