Anyone considering joining the ranks of Anonymous should be aware that the software tools they use to attack others might well turn on them too.
A report by Bleeping Computer shows that people signing up for the annual #OpIsrael effort, which happens every year on the 7th of April, had been tricked into downloading DDoS tools that contained hidden malware.
For instance, an Android APK that would allow Anonabees to join in with DDoSing Israeli targets included a remote access trojan that gave access to the user's camera, mic, browser, call logs and location.
Stephen Gates, chief research intelligence analyst for NSFOCUS, comments:
"Activists who desire to participate in these Anonymous-led operations must realise that any DDoS tools they download likely come with a host of other intentionally-designed threats.
From Remote Access Trojans (RATs) designed to assume identities and pilfer money, to purpose-built surveillance code that can pinpoint the participants, these free tools are potentially rife with “other” malware.
In addition, the tools may not be designed to allow spoofing, further identifying the IP addresses of those who participate. Using a smartphone to partake in these operations that is connected to a 4G network is never a good idea as well, since mobile operators will likely be able to pinpoint the sources of attacks.
Beware - those who wish to participate, may end up becoming the victim themselves."
It shouldn't surprise anyone that you can't entirely trust a random Twitter account handing out free tools to join a nebulous, nefarious attack, but apparently some people were. Hopefully they'll stick to posting mean YouTube comments from now on. [Bleeping Computer]