An ISIS-supporting cybersecurity group warned followers of the terror group that installing a Google Play app would leave them vulnerable to surveillance by intelligence agencies.
The alert was issued by the Electronic Horizons Foundation, which launched in January 2016 as an IT help desk of sorts to walk ISIS supporters through how to encrypt their communications and otherwise avoid detection online while coordinating with and recruiting jihadists.
EHF released a 24-page cybersecurity magazine for ISIS supporters last May that walks jihadists through step-by-step security for smartphones — while encouraging them to use a computer instead for more secure terror-related business — and warns of “nightmare” Microsoft Windows collecting user data from geolocation to browsing history.
The new EHF “important warning” distributed online told supporters that “spies of intelligence agencies are using a new method to track down supporters through Google Play Store.”
“One of the spies,” EHF said, uploaded a custom app that “collects identifiable information of android phones.”
“Then he targets and communicates with supporters by claiming that they have received a money transaction, and they need to install the application in order to receive it,” the alert continued. “Beware of installing or using suspicious apps promoted by unknown individuals, whether it’s an APK file or uploaded to app stores. Intelligence mercenaries are trying to use users’ trust in the app store in order to target supporters using malicious apps uploaded to the app store.”
The app named by EHF is advertised on Google Play as a highly secure messaging app with end-to-end encryption. Concerned about the security of their information on social media and Telegram messenger, EHF recently has been trying to steer ISIS followers toward using the Element messenger.
EHF last year urged followers to use alternate operating systems such as Qubes, Tails or Whonix. The ISIS cyber group has also highlighted “wrong security practices” including browsing the internet without Tor or VPN, downloading apps from third-party sources, failing to encrypt the device or storage devices, neglecting to install security updates, failing to use fake credentials on social media, and using social media via apps instead of logging on through a browser. Jihadists have also been warned against opening potentially malicious links that can open them to a security breach.
In fall 2019, EHF announced a new project intended to better develop the cyber skills of jihadists called the Talaea Al-Ansar Foundation in conjunction with Bank al-Ansar, an ISIS propaganda outlet that claims to have set up ISIS supporters with thousands of Facebook and Twitter accounts — relieving the online jihadists from having to use personal information to register on the social media services.
The foundation, billed as an “educational foundation which aims to train and develop the technical and media skills of Ansar Al-mujahideen on the internet,” also pitched “coordination with specialists in media and technology fields” and supporting online jihadists with “materials and the required tools.” They also vowed to focus on “spreading security awareness” through “different methods to face the security threats which target us” in jihadist circles.
In June 2019, the EHF highlighted the vulnerability of some million devices to the “BlueKeep” Microsoft flaw dubbed “potentially wormable” by the National Security Agency.
The EHF has also released a series of print and video tutorials covering a range of mobile security and dark-web how-tos for fellow ISIS supporters, along with weekly tech bulletins to educate ISIS followers about current cybersecurity trends and vulnerabilities.