Much of the data on the dark web, usually described as the hive of illegal activities, comes from black-hat hackers who siphon it from the surface web. When you surf the internet or visit certain websites, you may be hounded by notifications or pop-up ads urging you to download a suggested device cleaner or anti-virus program so that you can have a better browsing experience. These are usually the work of hackers attempting to siphon data from your device. Surface web platforms, notably Google, Facebook and others, have been held responsible for the nefarious activities of these hackers.
Recently, Meta-owned social media giant Facebook disclosed that a cyber-espionage group known as Bitter APT has been spying on thousands of people using malware that masquerades as popular secure social media and messaging apps such as WhatsApp, Facebook Messenger, WeChat and Instagram. Bitter APT is believed to be operating out of India and Pakistan; "APT" stands for Advanced Persistent Threat, a designation typically given to state-sponsored hacking groups.
According to Facebook's report, cited in a Forbes cybersecurity article by Thomas Brewster, the malware, which has become common among Ukrainians as a tool for communicating information about the Russian invasion, is dubbed "Dracarys", a name found in the malware code and a possible reference to the popular HBO series Game of Thrones. The malware can siphon off all kinds of information from Android devices, including call logs, contacts, files, text messages and geolocation data, and it can also access a device's camera and microphone. The group has been running attacks on energy, engineering and government entities in China, Pakistan and Saudi Arabia, according to a recent report by Cisco's Talos cybersecurity research unit.
Forbes' in-house analyst Thomas Brewster reported that Dracarys has been propagated on Facebook and Instagram by hackers posing as attractive women, journalists or activists who convince their targets to download the bogus app. Once a target has done so, Dracarys abuses the accessibility features intended to assist users with disabilities to click through permission dialogs automatically and grant itself broad device permissions, such as access to the camera. The malware appears legitimate and harvests data from the phone without being detected by anti-virus systems. According to Facebook, this shows that Bitter has managed to reimplement common malicious functionality in a way that went undetected by the security community.
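Because this family relies on an enabled accessibility service to grant itself permissions, a practical triage check for a defender or fleet administrator is to enumerate which accessibility services are actually enabled on a device and flag any that are not on a known baseline. The script below is an added example, not code from the article, Meta or Forbes; it reads the real Android secure setting `enabled_accessibility_services` (via `adb shell settings get secure ...`) and compares each entry with an allowlist. The allowlist entry, the sample setting value and the package name `com.example.fakechat` are constructed for illustration and are not identifiers taken from the reporting.

```shell
#!/bin/sh
# Android stores enabled accessibility services in a secure setting that reads as
# a colon-separated list of "package/ServiceClass" entries, or "null" when none
# are enabled:
#   adb shell settings get secure enabled_accessibility_services

# Baseline of accessibility services the fleet is expected to have enabled.
# Constructed example: a legitimate screen reader. Replace with your own baseline.
KNOWN_SERVICES="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"

# Constructed sample of the setting value as it might be captured from a device:
# the legitimate screen reader plus a service registered by a side-loaded app
# with a hypothetical package name.
SAMPLE_SETTING="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakechat/.AccessService"

# Split the raw setting value into one service per line, dropping empty
# entries and the literal "null" that Android returns when nothing is enabled.
split_services() {
    printf '%s\n' "$1" | tr ':' '\n' | sed '/^$/d; /^null$/d'
}

# Print every enabled service that is not on the baseline.
# Returns 1 if at least one unknown service was found, 0 otherwise.
unknown_services() {
    setting="$1"
    found=0
    for svc in $(split_services "$setting"); do
        case ":$KNOWN_SERVICES:" in
            *":$svc:"*) ;;   # on the baseline, nothing to report
            *)
                printf 'UNKNOWN accessibility service enabled: %s\n' "$svc"
                found=1
                ;;
        esac
    done
    return $found
}

# Number of unknown services, for use in scripts and checks.
count_unknown() {
    unknown_services "$1" | wc -l | tr -d ' '
}

# Run the check against a connected device (requires adb; not used below).
check_device() {
    setting=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
    unknown_services "$setting"
}

# Stand-alone demonstration on the constructed sample.
unknown_services "$SAMPLE_SETTING" || echo "review the service(s) listed above"
```

An unknown entry is a reason to look at the owning package (its installer, signing certificate and requested permissions), not proof of compromise by itself; a legitimately installed assistive app will also appear here, which is why the baseline should be maintained per fleet rather than guessed.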
Facebook also uncovered another threat, from a Pakistan-based government hacking unit known as APT36: a modified version of XploitSPY, which was originally developed by a group of self-described ethical hackers in India. APT36 had been spotted targeting people in Afghanistan, India, Pakistan, the UAE and Saudi Arabia, including military personnel, government officials, employees of human rights and other nonprofit organisations, and students.
Mike Dvilyanski, Facebook's head of cyber-espionage investigations, was reported to have said that Meta has identified 10,000 users across at least nine countries who may have been targeted by Bitter APT and APT36, and that it is in the process of warning those users directly on Facebook and Instagram. He told Forbes that Meta intends to alert users who might have come into contact with these groups and inform them of the tools they can use to secure their online presence.