The Islamic State’s propaganda arm, Amaq, issued a warning Wednesday after its website was compromised in a manner that made visitors susceptible to cyberattacks.
Amaq took to its Telegram account on Wednesday after learning that individuals who attempted to load its website were being asked to download a covert piece of malware.
“Warning! Amaq’s website has been penetrated and requests downloading a virus file disguised as a Flash installer. Please exercise caution,” the propaganda outlet warned Wednesday, according to a translation shared by independent researcher Raphael Gluck.
Vice.com’s tech news website Motherboard obtained a copy of the bogus Flash installer from Mr. Gluck this week and said the file appeared to be a widely-known piece of malware designed to give an attacker backdoor access to a victim’s computer.
“This remote-access-tool (RAT) has the capability to steal credentials, take screenshots, take pictures or video through the webcam, log keystrokes and transfer files. This tool has been around since at least 2013 and is very common due to a leaked builder and server freely available on low-level criminal forums that allows the attacker to create their own customized RAT,” Willis McDonald, a threat researcher at Boston-based IT firm Core Security told Motherboard.
“The attack appears to have specifically targeted Amaq after pinning down a specific vulnerability, which indicates a more targeted attack rather than a random one,” Laith Alkhouri, a co-founder of the cyber intelligence firm Flashpoint, told SecurityWeek.