Hamas using apps to develop social engineering attacks targeting Israeli military

• Hamas “took a page right out of the North Korean online handbook” and created apps specifically targeting Israeli soldiers.
• Hamas is believed to be responsible for the Golden Cup app that targeted victims during the Football World Cup.

The historic and ongoing clashes between Palestine and Israel has resulted in the emergence of various kinds of warfare. However, the dispute between the two nations has now also pervaded cyberspace. Hamas, one of the most prolific and the largest Palestinian militant group, has been using social engineering tactics to target Israeli military personnel.

According to security expert and former CIA official Christopher Burgess, Hamas “took a page right out of the North Korean online handbook” and created apps to specifically target Israeli soldiers. So far, Hamas is believed to have been responsible for the creation of the Golden Cup app that targeted Israelis during the 2018 Football World Cup.

Fake apps galore

The palestinian group is also believed to have developed several fake dating apps, such as “GlanceLove” and fake chat apps like “WinkChat”.

“The reality is that, once downloaded, the apps allowed Hamas to geolocate the individual, access the user’s data on their phone and operate it remotely,” Burgess wrote as a guest blogger in Threat Vector’s blog. “The standard fake profiles, using model photos on various social networks, including Facebook, continue to be used to engage Israeli military personnel. Once engaged, the elicitation begins, followed by the provision of a payload via a link to compromise the user’s device.”

Although it is still unclear as to whether any Israeli soldiers fell for the World Cup app campaign, the Israeli government acknowledged that around 100 military personnel succumbed to the dating app scams.

“While the Hamas effort was clearly geopolitically inspired, it is easy to see how these techniques can transfer to the competitive trenches of commerce,” Burgess added. “The public perception that the security checks provided by Google and Apple prior to allowing apps into their stores is comprehensive, is now cast into question.”