We already know that the ISIS militant group is socially savvy. It's made use of social media sites like Twitter to promote its cause, spread terror-related messages and even recruit followers. Now, it appears the group might be expanding its cyber profile. Some new malware has popped up that could have been created by ISIS.
The malware is very basic and was sent to members of Raqqa is Being Slaughtered Silently (RSS), a Syrian opposition group and ISIS enemy. RSS is bent on exposing ISIS' extreme cruelty towards citizens in the city of Raqqa. RSS posts photos to its Twitter page showing just how cruel ISIS has been towards the people of Raqqa.
RSS also reports coalition airstrike hits against ISIS and warns Raqqa residents about new strict Sharia rules the militants impose on them.
It's not clear exactly who sent the malware. The Syrian government is also not a fan of RSS and has used malware in the past. But there is quite a bit of evidence that points the finger at ISIS instead.
The malware targeting RSS members is very simple and actually contains some errors, but it gets the job done. Whoever is using it sends intended targets a phishing email in which the sender claims to be a Syrian opposition member living in Canada.
"We are preparing a lengthy news report on the realities of life in Raqqah," the email reads. "We are sharing some information with you with the hope that you will correct it in case it contains errors."
The email includes attached photos and gives the recipient a link to a file sharing site where they can download more photos. But when the user visits the site, malware begins installing on their computer.
The malware isn't as complex as the stuff I usually tell you about. It doesn't shut down the computer, log keystrokes or even take much information. All it does is send IP address information and details about the user's computer back to an email address.
The malware likely isn't from the Syrian government. The government has used more complex Remote Access Trojans in the past that collect more information than this malware. This malware just doesn't fit the government's M.O.
Rather, the malware is extremely simple and looks like it was designed by amateur hackers who just want to find a recipient's physical location. That points the finger at ISIS, who could use this information to locate RSS members in Raqqa.
Find his Internet café or apartment; haul him in; punish him -- or execute him. That's probably the idea, The Citizen Lab said.
The malware even contains some flaws. It's not encrypted correctly, leaves a password exposed and contains other bugs. But those could actually work to its advantage.
"The program looks less like malware, and may attract less attention from endpoint protection tools and scanners. Detections were low when the file was first submitted to VirusTotal, for example. It registered only 6/55 detections by anti-virus scanners, or a 10% detection rate."