8 April 2021

Cyberspies caught using voice changing software to trick victims into installing malware


A threat actor believed to be part of the Molerats hacking collective has been observed using voice changing software in order to trick victims into installing malware on their devices.

Active since at least 2012, the Palestine-based Molerats group typically targets political parties in Palestine and the Israeli government, but has also been known for its attacks against Western governments.

A sub-group of Molerats, tracked by security researchers as APT-C-23, usually relies upon social engineering to convince targets to install their malware. The group was previously observed impersonating women in cyber-espionage campaigns that used social media sites to target soldiers in the Israel Defence Forces.

According to a new report from Cado Security, in recent attacks APT-C-23 took spear-phishing to a new level: the hackers began using voice-changing software called Morph Vox Pro to pose as women (the group’s members identified so far are all men). The tool has likely been used to record audio messages in a female voice to convince victims to install malware, the researchers said.

While analyzing a publicly exposed server linked to the hacking group, Cado Security found an archive containing photos from the Instagram account of a female model, as well as tools employed by the attackers. These tools included an application used to bulk-send phishing emails, a tool to hack Voice over IP systems, a file containing example commands to find vulnerable routers, and a folder with a credential phishing page for Microsoft accounts.
