{
	"id": "7948e1e6-3783-43f5-9b04-443867ba2904",
	"created_at": "2026-04-06T00:16:42.045423Z",
	"updated_at": "2026-04-10T03:30:33.229014Z",
	"deleted_at": null,
	"sha1_hash": "809c54cadd3d32cb5c74b0b3e407ef90b9f398ce",
	"title": "An Invasive Spyware Attack on Military Mobile Devices",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41945,
	"plain_text": "An Invasive Spyware Attack on Military Mobile Devices\r\nBy bferrite\r\nPublished: 2018-07-05 · Archived: 2026-04-05 19:13:09 UTC\r\nEarlier this week, Israeli security agencies announced that the Hamas terrorist organization had installed spyware\r\non Israeli soldiers’ smartphones in its latest attempt to collect information on its long time enemy. About 100\r\npeople fell victim to the attack that came in the form of fake World Cup and online dating apps that had been\r\nuploaded to the Google Play Store, the official app store of Google.\r\nOnce the apps were installed onto the victims’ phones, the highly invasive malware was then able to carry out a\r\nnumber of malicious activities:\r\nRecord the user’s phone calls.\r\nTake a picture when the user receives a call.\r\nSteal the user’s contacts.\r\nSteal the user’s SMS messages.\r\nSteal all images and videos stored on the mobile device and information on where they were taken.\r\nCapture the user’s GPS location.\r\nTake random recordings of the user’s surroundings.\r\nSteal files and photos from the mobile device’s storage.\r\nThis attack involved the malware bypassing Google Play’s protections and serves as a good example of how\r\nattackers hide within legitimate apps which relate to major popular events and take advantage of them to attract\r\npotential victims.\r\nIndeed, while many like to imagine and predict a ‘Cyber 9/11’ and other ways in which terrorism could play a role\r\nin today’s hyper-connected world, this latest attack demonstrates a more realistic picture of how terrorists use\r\nmalware to carry out their attacks.\r\nBut it is not the first time these tactics have been used, either against this specific target or other government\r\nagencies around the world. In early 2017, the Viperat spyware targeted Israeli soldiers serving around the Gaza\r\nstrip, leveraging social engineering techniques to steal photos and audio files from their smartphones. 
In March\r\n2016, ‘SmeshApp’, a calling and messaging app on Google Play store, was allegedly used by Pakistan to spy on\r\nIndian military personnel and again in 2016, a Russian APT group was suspected of using Android spyware to\r\ntrack Ukrainian field artillery units.\r\nHowever, these cases of espionage do not only affect militaries and governments but rather serve as just another\r\nexample of how cyber threats are evolving and continue to use mobile as their attack vector. Furthermore, whether\r\nthese threats come from non-state actors or cyber-crime gangs, they often use sophisticated techniques and\r\nmalware to bypass traditional controls to reach their target.\r\nhttps://blog.checkpoint.com/2018/07/05/an-invasive-spyware-attack-on-military-mobile-devices/\r\nPage 1 of 3\n\nRegardless of where these campaigns are targeted, though, they serve as a reminder as to how much we rely on\r\nour mobile devices as our main tool of communication and how much personal, as well as work related,\r\ninformation they contain. 
It certainly provides food for thought as to the measures government agencies, armed\r\nforces and enterprise corporations alike should take into account in order to protect their staff and network from\r\noutside threats.\r\nWith consumers and company employees often using their smartphones as the preferred method of accessing the\r\ninternet, corporate resources, or storing private information, knowing which apps get downloaded onto them\r\nshould very much be a priority, for both them and their organization, in order to protect the data they store.\r\nFurthermore, although third party app stores do all they can to block malicious apps from being uploaded,\r\nsophisticated attacks such as this will always find a devious way of bypassing them, making on device protection\r\neven more necessary.\r\nSandBlast Mobile: The Advanced Threat Prevention Solution\r\nCyber thieves and unwanted parties know that without the right protection the information on our smartphones\r\nand tablets is theirs for the taking. But what is the right protection for our mobile devices?\r\nOrganizations and consumers alike need an innovative approach to mobile security for both iOS and Android\r\ndevices that detects and stops mobile threats before they start. Whether your data is at rest on a device or in flight\r\nthrough the cloud, Mobile Threat Prevention helps protect you from vulnerabilities and attacks that could put that\r\ndata at risk.\r\nIndeed, the technology used by Check Point’s SandBlast Mobile provides a complete mobile security solution that\r\nprotects devices from threats on the device (OS), in applications, and in the network, and delivers the industry’s\r\nhighest threat catch rate for iOS and Android. 
This fifth generation advanced technology uses malicious app\r\ndetection to find known and unknown threats by applying threat emulation, advanced static code analysis, app\r\nreputation and machine learning.\r\nIn addition, it safeguards devices from unprotected Wi-Fi® network access and Man-in-the-Middle attacks and\r\nstops access to the network when a threat is detected. It also uses real-time risk assessments at the device-level\r\n(OS) to reduce the attack surface by detecting attacks, vulnerabilities, changes in configurations and advanced\r\nrooting and jailbreaking. Provision for flexibility is also made by allowing organizations to set adaptive policy\r\ncontrols based on unique thresholds for mitigation and elimination of threats on the device.\r\nAfter all, wherever there is sensitive data, whether it be on the smartphone of military personnel or a company\r\nemployee, there will always be those who find that data valuable for their own gain. As a result, government\r\nagencies and companies of all sizes cannot afford to let this information remain unprotected and are advised to\r\nprotect these devices today, before they fall victim to the next mobile surveillance campaign.\r\n———————————————————————————————————————————–\r\nFor enterprises, read more about Check Point’s Sand Blast Mobile, and for consumers Check Point’s Zone Alarm\r\nMobile, to learn how you can protect devices from malicious and invasive mobile malware and the type of threats\r\nthat could impact your business.\r\nSource: https://blog.checkpoint.com/2018/07/05/an-invasive-spyware-attack-on-military-mobile-devices/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://blog.checkpoint.com/2018/07/05/an-invasive-spyware-attack-on-military-mobile-devices/"
	],
	"report_names": [
		"an-invasive-spyware-attack-on-military-mobile-devices"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434602,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/809c54cadd3d32cb5c74b0b3e407ef90b9f398ce.pdf",
		"text": "https://archive.orkl.eu/809c54cadd3d32cb5c74b0b3e407ef90b9f398ce.txt",
		"img": "https://archive.orkl.eu/809c54cadd3d32cb5c74b0b3e407ef90b9f398ce.jpg"
	}
}