Islamic State news website Amaq attacked by hackers distributing malware
Amaq media has claimed its website was hacked by perpetrators who were spreading malware on the site.
“Warning! Amaq’s website has been penetrated and requests downloading a virus file disguised as a Flash installer. Please exercise caution,” reads an announcement on the pro-Isis news outlet.
Anyone visiting the website’s landing page will be met with a fake Flash update that is actually a malware. A sample of the fake update file accessed by independent researcher Raphael Gluck shows it may be some kind of backdoor to the Windows platform.
Security researcher Willis McDonald at Core Security, who also analysed the malware, said it was a “dropper”. A dropper is a type of malware that is disguised in the form of a software to attack targets via backdoor access.
“This tool has the capability to steal credentials, take screenshots, take pictures or video through the webcam, log keystrokes and transfer files. It has been around since at least 2013 and is very common due to a leaked builder and server freely available on low-level criminal forums that allows the attacker to create their own customised tool,” McDonald told Motherboard.
Amaq, established in 2014 in Syria mainly uses the platform to spread propaganda and “official” announcements and videos related to Isis. Although Isis has never acknowledged Amaq as its own branch, the outlet is known for announcing claims of responsibility for attacks conducted by the terrorist organisation. It was the first outlet to report on Isis’ capture of Palmyra in 2015.