A surveillance operation was allegedly conducted by the Pakistan military which collected data from UK, US and Australian officials and diplomats.
Researchers from a US based mobile security company, Lookout found Western officials were unintentionally caught up in a data-gathering operation. For collecting data, it used surveillanceware tools dubbed Tangel (for iOS) and Stealth Mango (for Android).
According to the Business Insider, Lookout researchers claimed that members of Pakistani military hacked data of civilians, government officials, diplomats, and military personnel in Pakistan, India, Iraq and the UAE.
Around 15gb of data has been compromised. People were mainly targeted through phishing messages, linked to a third-party Android app store. The surveillance ware application helped access the phone’s GPS location, its text messages, audio recordings, photos, calendars, contact lists for apps including Skype. It could also detect when a person being tracked, was driving and turned off SMS and data connection.
Sometimes, victims were sent app store URL via Facebook messenger. This, according to Lookout suggests, fake identities were used by the attackers to connect with their targets and forced them to installing the malware in their devices.
Unknowingly, the persons targeted by the hackers gave out vital information about themselves. It included the access to pictures of IDs and passports, the GPS locations of photos, legal and medical documents, internal government communications, and photos of military and government officials from closed-door meetings.
The data of officials and civilians from the US and Iran and that of British and Australian diplomats was compromised only after they interacted with Stealth Mango victims.
The data compromised majorly included photos of Afghan and Pakistani military officials, a letter from the United States Central Command to the Afghanistan Assistant Minister of Defense for Intelligence, a letter from the High Commission for Pakistan to the United States Director of the Foreign Security Office Ministry of Foreign Affairs.
Details of visits to Quetta, Balochistan, Pakistan by Australian and German Diplomats were tracked too.Lookout believes the app was created by freelance developers in Pakistan, India and the US. But it is managed by Pakistan military mostly.The main app developer is considered to be a full-time app creator, who once worked for a company in Sydney, Australia, Lookout suspects.
Google on being contacted by Lookout regarding the same said Google Play Protect has been updated to protect users devices and data.There is no information on when Stealth Mango was launched, however, in April 2018 its latest release was made.