ISIS IT Group Warns of Vulnerability of Google Play Store Messaging App

If you’re not a foam-flecked jihadi, this is still sound advice. Be careful what you install and how you use IT…:

An ISIS-supporting cybersecurity group warned followers of the terror group that installing a Google Play app would leave them vulnerable to surveillance by intelligence agencies.

The alert was issued by the Electronic Horizons Foundation, which launched in January 2016 as an IT help desk of sorts to walk ISIS supporters through how to encrypt their communications and otherwise avoid detection online while coordinating with and recruiting jihadists.

EHF released a 24-page cybersecurity magazine for ISIS supporters last May that walks jihadists through step-by-step security for smartphones — while encouraging them to use a computer instead for more secure terror-related business — and warns of “nightmare” Microsoft Windows collecting user data from geolocation to browsing history.

The new EHF “important warning” distributed online told supporters that “spies of intelligence agencies are using a new method to track down supporters through Google Play Store.”

“One of the spies,” EHF said, uploaded a custom app that “collects identifiable information of android phones.”

“Then he targets and communicates with supporters by claiming that they have received a money transaction, and they need to install the application in order to receive it,” the alert continued. “Beware of installing or using suspicious apps promoted by unknown individuals, whether it’s an APK file or uploaded to app stores. Intelligence mercenaries are trying to use users’ trust in the app store in order to target supporters using malicious apps uploaded to the app store.”

The app named by EHF is advertised on Google Play as a highly secure messaging app with end-to-end encryption. Concerned about the security of their information on social media and Telegram messenger, EHF recently has been trying to steer ISIS followers toward using the Element messenger.

EHF last year urged followers to use alternate operating systems such as Qubes, Tails or Whonix. The ISIS cyber group has also highlighted “wrong security practices” including browsing the internet without Tor or VPN, downloading apps from third-party sources, failing to encrypt the device or storage devices, neglecting to install security updates, failing to use fake credentials on social media, and using social media via apps instead of logging on through a browser. Jihadists have also been warned against opening potentially malicious links that can open them to a security breach.

[…]

Original article