Palestinian militant group employs Catfishing and lures Israelian soldiers to install Malicious Apps

Hamas Palestinian militant group executed a catfishing campaign by disguising as teenage girls to lure Israelian soldiers by interacting with them to perform social engineering attacks and install a malicious app on their mobile devices. Brigadier General Hild Silberman, the spokesperson of Israeli Defence Force (IDF) mentioned that they were able to identified and nullified the infections at an earlier state by taking down Hamas network. As General Silberman statement, only a few soldiers were affected by this catfishing attack.

What is Catfishing attack?

The process of faking identities with involvement in deceptive activities like sockpuppet to abuse, troll, or for fraudulent intentions is called as Catfishing attacks. With the development in social media, catfishing attacks are usually launched via dating apps as fake romance scams over a targeted individual or as a common threat. Attackers employ Instagram, Facebook, Twitter or dating apps to execute this methodology.

How did Israeli soldiers became victim to this threat?

Hamas group disguised themselves as a young teenage girls, who immigrated to Israel and aren’t efficient with the Hebrew language. The featured image above represents the six unique fake characters that were created to perform Catfishing on Israeli soldiers. The fake accounts were named as Maria Jacobova, Noa Danon, Rebecca Aboxis, Eden Ben Ezra, Sarah Orlova, and Yael Azoulay. 

Once these fake accounts establish contact with Israeli soldiers they were asked to install few chat apps, called Grixy, Zatu and Catch & See through which the fake accounts had promised to share more images of themselves.

After successful installation, the app shows some crash error and disappears from the application list. This creates a impression for the soldiers that the app had uninstalled itself, however the app remains in the device and continues to spy on soldier’s GPS location, SMS, photos, documents, and can even capture images using the device’s camera. 

Previous cases of catfishing attack

Hamas has already been involved in catfishing attacks in 2017 and 2018, when they deployed malicious dating and world cup apps to infect devices world wide. Catfishing attacks where attractive young girls were used for luring western military officials was executed by another militant group in Lebanon called Hezbollah. 

Social engineering is evolving everyday, beware of fake account and catfishing attacks to keep your data safe and secured. Establishing communication only with the trusted entity, and avoiding the download of malicious apps or clicking on the links they share could be the first step against catfishing threats.