Attackers use voice changing software to deceive their victims

Specialists of the information security company Cado Security discovered that hackers from the Molerats group (aka Gaza Hackers Team, Gaza Cybergang, DustySky, Extreme Jackal and Moonlight) use voice-changing software to deceive their victims: they change a male voice to a female one.

The Molerats group has been active since at least 2012 and mainly attacks organizations in the Middle East. The hack group APT-C-23, which is believed to be part of Molerats, usually uses social engineering to force its victims to install malware.

So, earlier researchers have already observed that hackers impersonate women and get acquainted with the soldiers of the Israel Defence Forces on social networks. At the same time, experts know for sure that all members of the group are men.

This time, the participants in APT-C-23 went even further. A phishing campaign targeting politicians, discovered by researchers, was based on the fact that attackers used special software to change the voice to impersonate women, and then “involved the victims in conversations.” When social engineering worked, hackers tricked users into installing malware.

“Other analysts have reported on manipulated images being used to enable misinformation in the wider Israeli-Palestinian Conflict. And there have been previous reports of fraudsters using DeepFake audio impersonations. But this is the first time we’re aware of evidence, albeit indirect, of attackers using voice changing software to enable espionage”, — Cado Security specialists told.

When analyzing a publicly available server related to the group, Cado Security researchers found an archive containing photos from the Instagram model’s account, as well as an installer for the Morph Vox Pro voice changer.

On the same server, experts found various tools used in the attacks: an application for mass mailing of phishing emails, an application for hacking VoIP systems, a search tool for vulnerable routers, and a folder containing a phishing page for collecting Microsoft data scientists.

Let me remind you that Attackers could exploit the vulnerabilities of Alexa and Google Home to phishing and spying on their users, and also that Hacked Oxford server was used for phishing attacks on Office 365.