Malware is malicious software installed on a digital device (a computer, server, or mobile phone) in order to compromise that device. Malware can do many different things, but when used against anarchists and other rebels it typically aims to gain visibility into the compromised device through remote screen capture and remote keylogging (recording the keys pressed on the keyboard), and to track the device's location (in the case of phones).
Malware can be installed on a device:
- Remotely, with interaction from the target. This is typically done through phishing,[1] which usually requires the target to click a malicious link or open a malicious file.
- Remotely, without interaction from the target (so-called "zero-click" installation). Malware of this type is often very expensive for the adversary. Pegasus is an example of malware that has been able to install itself without any interaction from the target.[2]
- By physically accessing the device.
See also:
- “It Could Be Harmful! Spyware Installation Through Social Engineering Attacks in Italy” for an example of malware installed through phishing.
- The “Targeted malware” topic.
Used in tactics: Incrimination
Mitigations
| Name | Description |
|---|---|
| Compartmentalization | If an adversary installs malware on a Tails[3] USB stick or a Qubes OS[4] virtual machine that you use for different digital identities, they can tie the different identities together. To mitigate this, you can use different Tails USB sticks or Qubes OS virtual machines for different digital identities. |
| Computer and mobile forensics | You can use computer and mobile forensics to detect traces left by malware that is, or was, installed on a device. |
| Digital best practices | You can follow digital best practices to make it harder for an adversary to install malware on your digital devices. For example, you can: |
| Encryption | You can encrypt "in-motion" data (traffic in transit over the network) to make it harder for an adversary to install malware through network packet injection, which is an installation vector for some malware, such as Pegasus.[7] |
Used in repressive operations
| Name | Description |
|---|---|
| Repression of Lafarge factory sabotage | Investigators made five requests to remotely install spyware.[8] Only one of these installations succeeded (on an iPhone SE 2020); it gave investigators access to a Signal group conversation. |
| Arrest of Stecco | Investigators attempted to install malware on the smartphone of a person under surveillance.[9] They sent the person an SMS containing a link. Had the person clicked the link, the malware would have been installed, allowing investigators to listen to conversations through the smartphone's microphone. The person did not click the link, so the malware was never installed. |
| Scripta Manent | Malware was installed on the computer of one of the defendants.[10] The malware, installed remotely over the Internet, targeted a Windows computer and was capable of recording text typed on the keyboard, taking periodic screenshots, and recording communications sent from and received by the computer. |