Egypt used Google Play in spy campaign targeting its own citizens, researchers say

by
Dan Goodin
from Ars Technica - All content on (#4RS07)
indexy.png

Enlarge / Indexy was removed from Google Play after Check Point researchers discovered it was being used in a campaign to spy on Egyptian citizens. (credit: Check Point Technologies)

Hackers with likely ties to Egypt's government used Google's official Play Store to distribute spyware in a campaign that targeted journalists, lawyers, and opposition politicians in that country, researchers from Check Point Technologies have found.

The app, called IndexY, posed as a means for looking up details about phone numbers. It claimed to tap into a database of more than 160 million Arabic numbers. One of the permissions it required was access to a user's call history and contacts. Despite the sensitivity of that data, those permissions were understandable, given the the app's focus on phone numbers. It had about 5,000 installations before Google removed it from Play in August. Check Point doesn't know when IndexY first became available in Play.

Behind the scenes, IndexY logged whether each call was incoming, outgoing, or missed as well as its date and duration. Publicly accessible files left on indexy[.]org, a domain hardcoded into the app, showed not only that the data was collected but that the developers actively analyzed and inspected that information. Analysis included the number of users per country, call-log details, and lists of calls made from one country to another.

Read 10 remaining paragraphs | Comments

index?i=Bjj4UBJp7gA:fyiYncYIJFU:V_sGLiPB index?i=Bjj4UBJp7gA:fyiYncYIJFU:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments