Desert Scorpion

Desert Scorpion infects devices running Android OS and is believed to be part of a family of malware used for targeted surveillance on individuals in the Middle East - more specifically, Palestinians tied to the political party Fateh. This malware was discovered embedded in a chat application named Dardesh, which was available on the Google Play store and also delivered via social engineering tactics. It infects devices in two stages. The first stage of infection occurs when the victim downloads, installs, and interacts with the chat app. Once the first stage is complete, the app establishes contact with a C2 server, which then drops the malicious files onto the device, giving the app the ability to record audio, calls, and video, uninstall other apps, send and receive messages, track the user's location, and gather data about the device.

Technical Details

  • Ars Technica provides more information about Desert Scorpion here.