An anonymous reader quotes the EFF:
The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients. The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.
The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut. "People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos," said EFF Director of Cybersecurity Eva Galperin. "This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person's day-to-day life."
Dark Caracal apparently gets installed through carefully-targeted spearphishing attacks
, accoridng to the EFF. "Several types of phishing emails directed people -- including military personnel, activists, journalists, and lawyers -- to go to a fake app store-like page, where fake Android apps waited. There is even evidence that, in some cases, Dark Caracal used physical access to peopleâ(TM)s phones to install the fake apps."