A threat actor believed to be part of the Molerats hacking collective has been observed using voice changing software in order to trick victims into installing malware on their devices.
Active since at least 2012, the Palestine-based Molerats group typically targets political parties in Palestine and the Israeli government, but also has been known for its attacks against Western governments.
A sub-group of Molerats, tracked by security researchers as APT-C-23, usually relies upon social engineering to convince targets to install their malware. The group was previously observed impersonating women in cyber-espionage campaigns that used social media sites to target soldiers in the Israel Defence Forces.
According to a new report from Cado Security, in recent attacks APT-C-23 took spear-phishing to a new level - the hackers began using voice-changing software called Morph Vox Pro to pose as women (the group’s members identified so far are all men). The tool likely has been used to record audio messages in a female voice to convince victims to install malware, the researchers said.
While analyzing a publicly exposed server linked to the hacking group, Cado Security found an archive containing photos from the Instagram account of a female model, as well as tools employed by the attackers. These tools included an application used to bulk-send phishing emails, a tool to hack Voice over IP systems, a file containing example commands to find vulnerable routers, and a folder with a credential phishing page for Microsoft accounts.