ESET Research Uncovers Latest BladeHawk Campaign, Android Espionage Against Kurds
Researchers at ESET have discovered a new mobile espionage campaign targeting the Kurdish ethnic group. The campaign has been active since March 2020 and is distributing two Android backdoors known as 888 RAT and SpyNote via dedicated Facebook profiles. ESET researchers identified six different Facebook profiles distributing the Android spying apps as part of this campaign. The profiles appear to be providing news in Kurdish and news for supporters of the Kurds. ESET has attributed the operation to the BladeHawk advanced persistent threat group. Most of the Facebook public groups supported Masoud Barzani, the former President of the Kurdistan Region.
In total, the Facebook groups in which the spyware was distributed had amassed 11,000 followers. The Facebook profiles have since been reported and taken down. Two of the uncovered profiles were aimed at tech users while the other four posed as Kurd supporters, according to ESET. Researchers also discovered 28 unique posts that belonged to the campaign, each of them containing fake app descriptions and links. ESET researchers were able to download 17 unique APKs from the posts. The spying apps were reportedly downloaded 1,418 times.