Dark Caracal is a spyware campaign that has been conducted by an unknown group of hackers since at least 2012. The campaign was discovered by the Electronic Frontier Foundation and the mobile security firm Lookout, who published their findings on January 18, 2018. The campaign has mainly used phishing attacks (and in some cases physical access to victims systems) in order to install malicious Android applications, including ones that imitate the look and feel of popular instant messaging applications, on victims systems to gain full control over the devices. No evidence was found that iPhone users have been targeted, and according to Google, none of the malicious applications were found on the Google Play Store. The data allegedly stolen includes documents, call records, text messages, audio recordings, secure messaging client content, browsing history, contact information, photos, location data, and other information that allows the group to identify their targets and have a look at their personal lives. The component used to monitor Android devices is known as Pallas; the component used to monitor Windows devices is a variant of the Bandook trojan.
The campaign is suspected to be state-sponsored and linked to the Lebanese government's General Directorate of General Security. According to Reuters, "the researchers found technical evidence linking servers used to control the attacks to a GDGS office in Beirut by locating wi-fi networks and internet protocol address in or near the building." The researchers have said that they are not certain "whether the evidence proves GDGS is responsible or is the work of a rogue employee." The report was denied by Major General Abbas Ibrahim.
- Newman, Lily Hay (20 January 2018). "Security News This Week: Hacking Group's Mobile Malware Spies on Thousands Worldwide". Wired. Condé Nast. Retrieved 21 January 2018. CS1 maint: discouraged parameter (link)
- Satter, Raphael (2018-01-18). "Report links hacking campaign to Lebanese security agency". Washington Post. ISSN 0190-8286. Retrieved 2018-01-19.
- Auchard, Eric (18 January 2018). "Lebanese security agency turns smartphone into selfie spycam: researchers". Reuters. Retrieved 23 January 2018. CS1 maint: discouraged parameter (link)
- Thomson, Iain (18 January 2018). "Someone is touting a mobile, PC spyware platform called Dark Caracal to governments". The Register. Retrieved 2018-01-19.
- Brandom, Russell (January 18, 2018). "Researchers have discovered a new kind of government spyware for hire". The Verge. Retrieved 2018-01-19.
- "Dark Caracal; Cyber-espionage at a Global Scale", technical report by Lookout and the Electronic Frontier Foundation