Palestinian Sunni-Islamist fundamentalist organization Hamas has been accused by the Israel army’s intelligence directorate for building fake dating and FIFA World Cup 2018 applications to entice soldiers into downloading malware on to their mobile phones with the intention to gather sensitive information about the military activities around Gaza strip.
According to reports, several Israel Defence Forces (IDF) personnel were contacted through social media to download dating apps like WinkChat and GlanceLove. Hamas also created bogus profiles with the stolen identities of young women, asking to chat on WhatsApp and interact with soldiers and later requesting them to download their Trojan Horse apps on Google Play Store. The applications allowed the creators to know the user’s location, contact list, access the phone’s audio device to tap calls as well as access video camera to monitor activities. The operation targeted Android phone users. “Whatever you can do with your phone, the malicious content can do,” reported The Guardian. Apparently, Hamas could film the activities on Israel Defense Forces bases without the soldier’s knowledge of the hack.
The other bogus app called Golden Cup shared World Cup live scores. It was advertised to advertised to soldiers in Hebrew on Facebook. It even streamed videos of previous tournaments and listed details of each team. According to the official, “It was actually a very good one.”
But Hamas didn’t stop there. It also used a fitness app to identify the phone numbers of soldiers who went jogging near the Gaza strip. As soon as Hamas had access to these numbers, the soldiers were requested to download the apps.
Fortunately, the attack couldn’t gather its desired intel, as most soldiers who were approached to download the app either refused or reported the incident to their seniors. The number of personnel who downloaded the apps were conceded, though the military said, “less than 100 installed at least one program on their phones.” The IDF unit responsible for identifying the hack called it ‘Operation Broken Heart’, as it failed to honeytrap military personnel. Apparently, both men and women were targeted in the operation by Hamas. On the downside, the fundamentalist front may have gathered information on a number of Israeli bases and the armored vehicles stationed there.
“Perhaps a little suspicion could have saved the soldiers from falling into Hamas’ trap, but what’s really impressive about this attack is the way it exploited the infrastructure provided by giant technology companies,” wrote Oded Yaron a Haaretz Contributor. “Google’s Android system has been criticized for years as less secure than Apple’s iOS, and Google has tried repeatedly to prove that it’s fixing the problem by beefing up its protections. Last year, for instance, it unveiled Google Play Protect — a platform that provides improved protection for users, both on their devices and Google Play, the company’s digital app store.”