Syrian activists targeted with fake Skype encryption tool that installs spyware
As the Syrian revolution continues to unfold, a new chapter in the country’s cyber-warfare is currently being written. According to an EFF report, Syrian activists are being targeted with spyware that is disguised as encryption software. A digital wolf in sheep’s clothing.
It follows hot on the heels of another fake Skype encryption application discovered by TrendMicro, which delivered a Trojan called DarkComet 3.3 onto activist computers. The one discovered by EFF can be found at http://skype-encryption.sytes.net/.
When activists download the application, “Skype Encryption v2.1” appears in the user’s downloads folder. When the application is launched, users are given the option to “Encrypt” or “Decrypt.” If users click “Encrypt,” a message appears telling users to wait for encryption. Once the Trojan has been downloaded onto a computer, the application launches a window that reads “Your Connections are Now Completely Encrypted !”
According to EFF, the Trojan is being downloaded from http://220.127.116.11/SkypeEncryption/Download/skype.exe, the same site from which various other Trojans have come, as reported by TrendMicro, Symantec, Cyber Arabz and by EFF itself.
Once installed, DarkComet is able to capture webcam activity, disable notification settings for specific antivirus programs, record keystrokes, and steal passwords. EFF notes that unlike the DarkComet version discovered by TrendMicro, this version “is not detectable by any anti-virus software at this time.”
It’s terrifying to imagine that a regime as murderous as Syria’s could be watching its activists in such an Orwellian way. Hopefully Syrian hacktivists, with some international help, have a reliable means of encrypting their Skype communications.