Supporter of Houthi Faction Targets Yemen Aid Organizations with Android Malware
A suspected supporter of the Houthi faction has targeted at least three humanitarian organizations in Yemen with Android spyware designed to extract confidential information.
These attacks, attributed to a cluster of activity known as OilAlpha, involve a recent set of malicious mobile applications along with their own supporting infrastructure, according to a report from Recorded Future's Insikt Group.
The targets of the ongoing operation include CARE International, the Norwegian Refugee Council (NRC), and the Saudi Arabian King Salman Humanitarian Aid and Relief Centre.
“The OilAlpha threat group is highly likely to be actively involved in carrying out targeted actions against humanitarian and human rights organizations operating in Yemen, as well as possibly across the Middle East,” stated the cybersecurity corporation.

The OilAlpha group was first identified in May 2023 in connection with an espionage campaign targeting development, humanitarian, media, and non-governmental entities in the Arabian peninsula.
These attacks used WhatsApp to distribute malicious Android APK files that posed as being associated with legitimate organizations like UNICEF, ultimately leading to the deployment of a malware strain identified as SpyNote (also known as SpyMax).
The recent series, discovered in early June 2024, involves applications that claim an association with humanitarian relief programs and impersonate entities like CARE International and the NRC, both of which actively operate in Yemen.
Once these applications, housing the SpyMax trojan, are installed, they request invasive permissions, which in turn enable the theft of user data.
OilAlpha’s operations also feature a credential-harvesting component that uses a series of counterfeit login pages mimicking these organizations to capture users’ login details. The objective is believed to be espionage, carried out by gaining access to accounts linked to the affected entities.
“Houthi militants have continuously attempted to restrict the distribution and transportation of international humanitarian aid and have profited by levying taxes and reselling aid materials,” Recorded Future reported.
“One potential rationale for the noted cyber targeting could be intelligence collection to facilitate actions aimed at controlling the distribution of aid and overseeing its delivery.”
The disclosure comes shortly after Lookout connected a Houthi-affiliated threat actor to another surveillance operation, one that delivers an Android data-collecting tool named GuardZoo to targets in Yemen and other Middle Eastern countries.

