8 April 2021

Cyberspies caught using voice changing software to trick victims into installing malware


A threat actor believed to be part of the Molerats hacking collective has been observed using voice changing software in order to trick victims into installing malware on their devices.

Active since at least 2012, the Palestine-based Molerats group typically targets political parties in Palestine and the Israeli government, but it has also been known for attacks against Western governments.

A sub-group of Molerats, tracked by security researchers as APT-C-23, usually relies upon social engineering to convince targets to install their malware. The group was previously observed impersonating women in cyber-espionage campaigns that used social media sites to target soldiers in the Israel Defence Forces.

According to a new report from Cado Security, in recent attacks APT-C-23 took spear-phishing to a new level: the hackers began using voice-changing software called Morph Vox Pro to pose as women (the group’s members identified so far are all men). The tool has likely been used to record audio messages in a female voice to convince victims to install malware, the researchers said.

While analyzing a publicly exposed server linked to the hacking group, Cado Security found an archive containing photos from the Instagram account of a female model, as well as tools employed by the attackers. These tools included an application used to bulk-send phishing emails, a tool to hack Voice over IP systems, a file containing example commands to find vulnerable routers, and a folder with a credential phishing page for Microsoft accounts.
