Today, cybersecurity researchers discovered a sophisticated and targeted mobile hacking campaign that can compromise anyone's iOS or Android device with one-click exploits.
Those new exploits are known as Poison Carp; they are tailored malicious web links that reach their targets over WhatsApp. Malware analysis found that, once opened, the links exploit the web browser to stealthily install spyware on iOS and Android devices.
The researchers also found that Poison Carp was used in two recently discovered campaigns: against the Uyghur community in China and in the Evil Eye campaign from last month. These findings reinforce the belief that the Chinese ministry sponsors the Poison Carp group.
The Poison Carp campaign uses a total of 8 distinct Android browser exploits; after the exploits succeed, the attack ends with the installation of spyware known as Moonshine.
On iOS, there is only one exploit, which likewise helps the hackers stealthily install iOS spyware on targeted devices.
After installation, the spyware allows hackers to: gain full control of the victim's device; exfiltrate data including text messages, contacts, call logs, and location data; access the device's camera and microphone; exfiltrate private data from Viber, Telegram, Gmail, Twitter, and WhatsApp; and download and install additional malicious plugins.
The same cybersecurity researchers say that this new type of cyberattack represents a significant escalation in social engineering tactics and technical sophistication compared to what we have typically observed in the wild.
Among the victims that were hit by the Poison Carp hackers, we find the Private Office of Tibetan Buddhist leader the Dalai Lama, the Central Tibetan Administration, the Tibetan Parliament, Tibetan human rights groups, and individuals holding senior positions in their respective organizations.
After the disclosure of the iPhone hacking campaign, Apple released a patch for the vulnerabilities.
Since none of the iOS and Android vulnerabilities exploited in the campaign is a zero-day, users are strongly advised to always keep their mobile devices up to date.