Tag Archives: Malware

Maliciously Repackaged Psiphon Found

In the past 24 hours The Citizen Lab has identified a maliciously repackaged copy of the popular circumvention software Psiphon 3. This post describes the malware and outlines steps to be taken.

Quantum of Surveillance: Familiar Actors and Possible False Flags in Syrian Malware Campaigns

In this report, Citizen Lab researchers Morgan Marquis-Boire and John Scott-Railton and EFF Global Policy Analyst Eva Galperin outline how pro-government attackers have targeted the Syrian opposition, as well as NGO workers and journalists, with social engineering and “Remote Access Tools” (RAT)

Targeted Threat Index

The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 as part of the talk “RATastrophe: Monitoring a Malware Menagerie” by Katie Kleemola, Seth Hardy, and Greg Wiseman.

Citizen Lab at SecTor to discuss malware targeting human rights activists and NGO workers

October 8, 2013

Surtr: Malware Family Targeting the Tibetan Community

In this post, we report on “Surtr”, a malware family that has been used in targeted malware campaigns against the Tibetan community since November 2012

Permission to Spy: An Analysis of Android Malware Targeting Tibetans (updated)

This blog post reports on a malware attack in which a compromised version of Kakao Talk, an Android-based mobile messaging client, was sent in a highly-targeted email to a prominent individual in the Tibetan community. The malware is designed to send a user’s contacts, SMS message history, and cellular network location to attackers. This post was updated on 18 April 2013.

Update to “Permission to Spy: An Analysis of Android Malware Targeting Tibetans” in Tibetan: གསང་མྱུལ་བར་ཆོག་མཆན། ཨན་སྒྲོ་དྲ་འབུ་ཅན་གྱི་མཉེན་ཆས་ཤིག་གིས་བོད་རིགས་རྣམས་དམིགས་འབེན་ཏུ་བཟུང་བའི་སྐོར་ལ་བརྟག་དཔྱད།

This is the update to “Permission to Spy: An Analysis of Android Malware Targeting Tibetans”, written in Tibetan language.

Hackers attack European governments using ‘MiniDuke’ malware

Source: Josh Halliday, The Guardian

Cyber criminals have targeted government officials in more than 20 countries, including Ireland and Romania, in a complex online assault seen rarely since the turn of the millennium.

APT1′s GLASSES – Watching a Human Rights Organization

In this research brief, Seth Hardy describes malware (“GLASSES”) sent in 2010 that is a simple downloader closely related to malware described by Mandiant in their APT1 report. GLASSES appears to be a previous version of malware called GOGGLES by Mandiant, and was sent in a highly targeted email to a Tibetan human rights organization, demonstrating that APT1 is involved in more than just industrial and corporate espionage.

Senior Security Analyst Seth Hardy interviewed on Radio Canada International

RCI’s Wojtek Gwiazda spoke to Seth Hardy about recent Citizen Lab research on targeted attacks against human rights organizations and others, including the Dalai Lama.