The Israeli military on Sunday said it has thwarted an attempt by Palestinian militant group Hamas to hack soldiers’ phones by posing as young, attractive women on social media, striking up friendships and persuading them into downloading malware.
Lt. Col. Jonathan Conricus told reporters that the phones of dozens of soldiers had been infected in recent months, although he said the army detected the scam early on and prevented any major secrets from reaching Hamas.
“We do not assess there is any significant breach of information,” the military spokesman said.
Conricus said this was the third attempt by Hamas to target male soldiers through fake social media accounts, most recently in July 2018. But he said this latest attempt was by far the most sophisticated.
He said Hamas used a number of social media platforms, including WhatsApp, Facebook, Instagram and Telegram, to make contact with unsuspecting soldiers. Posing as young women on social media, the group struck up friendships with the soldiers, sending photos, texts and voice messages to them.
The “women” claimed to be new immigrants to explain their poor Hebrew, and even claimed to be deaf or hard of hearing as an excuse for texting, instead of speaking directly on the phone, Conricus said. The profiles appeared on multiple platforms, and he said the photos were disguised to make it difficult to “reverse track” them, giving the accounts additional authenticity.
“We see that the level of social engineering is much higher and much more advanced and sophisticated when compared to previous attempts done by Hamas,” he said. “We see that they’re of course learning and upping their game.”
Eventually, they sent the soldiers links to “seduce” them into downloading what they said was a Snapchat-like app to exchange photos that could quickly disappear, Conricus said. In reality, the links were to three malware programs - Catch&See, ZatuApp and GrixyApp - that allowed Hamas to gain access to the soldiers’ phones.
He said it was “very clear” that Hamas was behind the effort. He said the malware linked to known Hamas servers and at least one of the profiles had been used in a previous Hamas scam.
There was no immediate comment from Hamas.