Desert Scorpion
NJCCIC Threat Profile
Original Release Date: 2018-04-17
Desert Scorpion infects devices running Android OS and is believed to be part of a family of malware used for targeted surveillance on individuals in the Middle East - more specifically, Palestinians tied to the political party Fateh. This malware was discovered embedded in a chat application named Dardesh, which was available on the Google Play store and also delivered via social engineering tactics. It infects devices in two stages. The first stage of infection occurs when the victim downloads, installs, and interacts with the chat app. Once the first stage is complete, the app establishes contact with a C2 server, which then drops the malicious files onto the device, giving the app the ability to record audio, calls, and video, uninstall other apps, send and receive messages, track the user's location, and gather data about the device.
Technical Details
- Ars Technica provides more information about Desert Scorpion here.
Featured Content
- Disaster Relief and Tragedy-Related Scams>
- Flaw in Cosmo DB Could Allow Access to Databases>
- Threat Actors Use Messaging Service as Phishing Lure>
- Back-to-School Cybersecurity>
- Patch Now: Active Exploitation of Microsoft Exchange ProxyShell Vulnerabilities >
- T-Mobile Breach>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.