Togo-Amnesty International detects new spywares

In a report published on October 7, Amnesty International’s computer security researchers say they identified two spyware sent to a human rights activist in Togo.

In December 2019, a human rights activist residing in Togo receives a series of strange messages on the WhatsApp application.

His correspondent, who writes to him in English from an Indian number, pretended to be an acquaintance and asks him to install another messaging application to continue the conversation.

Suspicious, the activist contacted Amnesty International and passed the installation file to the organization’s IT experts.

After analysis, the “messaging” in question mainly conceals the spyware StealJob, capable of sucking up, without the knowledge of its user, a great deal of information, such as geolocation or SMS, of capturing WhatsApp messages in real time and to record calls made by the mobile phone.

Less than a month later, another suspicious message reaches the same activist, this time to his inbox.

A little more subtle, and written this time in French, the email prompts him to download an attachment, which also contains spyware, for Windows this time, asoftware already linked in the past to a group called Donot Team, believed to operate primarily from and to Southeast Asia.

Trapped links and corrupted files
Amnesty International’s computer security researchers were able to trace the trail left by hackers who targeted this human rights activist in Togo.

They discovered an infrastructure, partially poorly concealed and used to send trick links and corrupted files to hundreds of recipients.

The Internet Protocol (IP address of a machine on the network) addresses of these targets were overwhelmingly located in Pakistan, Kashmir and, to a lesser extent, India and Bangladesh.

A distribution that matches the Donot Team targets already observed in the past.

The servers identified by Amnesty International researchers are used by a private company, Innefu Labs, located in India.

On its site, the latter presents itself as a “cyber security research and development start-up” and lists among its clients the Indian army and the Border Security Force (BSF), the powerful police force responsible for surveillance, monitoring and defending the country’s borders with Pakistan and Bangladesh.

The CVs and LinkedIn profiles of several company employees seem to indicate that designing or improving spyware is part of their job.

Therefore, Amnesty international calls on the Togolese government “to ensure that everyone, including activists, is protected from human rights abuses, and to investigate and redress any harm caused by cyberattacks carried out by private sector actors.”

The NGO also calls on “the Indian government to investigate cyberattacks linked to Innefu Labs and take urgent action to ensure India-based surveillance companies are not involved in the targeting of activists – which is unambiguously illegal under international human rights law”.

Leave a Reply

Your email address will not be published. Required fields are marked *