<p style="font-weight: 400;">Devastating malware that lets criminals hack into banking accounts, steal data, and spy on computer users is suspected of being linked to terrorist group <a href="https://www.dailywire.com/topic/hamas" target="_blank" rel="noopener">Hamas</a>&#8216; cyberwarfare division.</p>
<p style="font-weight: 400;">The so-called &#8220;Remote Administration Tool,&#8221; or RAT, is called Escanor and first surfaced on the Dark Web in January. It can infect computers through Microsoft Office documents, <a href="https://resecurity.com/blog/article/escanor-malware-delivered-in-weaponized-microsoft-office-documents">according</a> to Resecurity, which protects Fortune 500 companies. Computers have reportedly been infected in the U.S., Canada, the United Arab Emirates, Saudi Arabia, Kuwait, Bahrain, Egypt, Mexico, Singapore, and Israel.</p>
<p style="font-weight: 400;">“The tool can be used to collect GPS coordinates of the victim, monitor key strokes, activate hidden cameras, and browse files on the remote mobile devices to steal data,” Resecurity warned.</p>
<p>The domain name behind the dangerous tool, &#8220;escanor[.]live,&#8221; may be linked to <a href="https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf" target="_blank" rel="noopener">Molerats</a> and <a href="https://malpedia.caad.fkie.fraunhofer.de/actor/aridviper" target="_blank" rel="noopener">APT-C-23</a>, two units of the Hamas cyberwarfare division. Security Affairs <a href="https://securityaffairs.co/wordpress/134697/malware/escanor-malware-ms-docs.html">reported</a> that APT-C-23 is “known in particular to target Israeli military assets,” and that Molerats, which has been linked to Hamas, has been active for over a decade.</p>
<p>“It’s also tracked as Gaza Hackers Team, Gaza Cybergang, DustySky, Extreme Jackal, Moonlight and TA402 — some researchers believe there are multiple groups operating under the same umbrella,” <a href="https://www.securityweek.com/hamas-cyberspies-return-new-malware-after-exposure-operations">Security Week</a> reported.</p>
<p>Escanor is a version of an Android- and PC-based remote administration tool that hackers use to infect Microsoft Office and Adobe PDF documents with malware, according to <a href="https://securityaffairs.co/wordpress/134697/malware/escanor-malware-ms-docs.html">Security Affairs</a>. But Escanor&#8217;s power has been souped up with elements taken from “cracked” versions of other Dark Web tools, according to the company.</p>
<p>The mobile version of Escanor, dubbed &#8216;Escape-RAT,&#8217; intercepts banking OTPs, or &#8220;one-time passwords&#8221; that are generated for customers who don&#8217;t choose their own. That allows the cybercriminal full access to the user&#8217;s account, and also can spread malware that allows the criminal to activate cameras, track users, and carry out other potentially devastating acts.</p>
<p>“Fraudsters monitor the location of the victim, and leverage Esca RAT to steal credentials to online-banking platforms and perform unauthorized access to compromised account from the same device and IP – in such case fraud prevention teams are not able to detect it and react timely,” malware analyst Ali Saifeldin said.</p>
<p>Escanor is a well-known force on the Dark Web, where criminals buy and sell an array of illegal goods and services. It also has over 28,000 subscribers on its Telegram channel. The actor behind the malware is believed to be the same person or persons behind other hacking tools sold on the Dark Web, including ones known as Venom RAT and Pandora HVNC, which may have been incorporated into Escanor.</p>

<script async src="https://www.instagram.com/embed.js"></script>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
<script async src="https://www.tiktok.com/embed.js"></script><div data-widget-host="revcontent" data-pub-id="165152" data-widget-id="290588"></div><script src="https://delivery.revcontent.com/165152/290588/widget.js"></script>

Devastating Malware For Hacking Banking Accounts May Be Linked To Hamas

CONTINUE READING

‘Shut Up, You Ugly F*ck’: Democrats Melt Down After Stephen Miller Trolls Radically Woke Talarico

Radical Senate Candidate Admits He ‘Struggles’ To Say Israel Has A Right To Exist

Army Vet Dies After He’s Beaten Outside His Famed ‘Trump House’

Judge Stops The Left’s Effort To Cause Redistricting Chaos In Republican State

Supreme Court Rejects Lawsuit Against Blue States Over Illegal Immigrant Truck Drivers

The Frustrating Truth Behind America’s Airport Security Nightmare

News

Cybersecurity

Hamas

Israel

A video goes viral showing a baby being refused his mother by two gay "dads". This is just the tip of the iceberg, which is why we will have an important discussion today about surrogacy. 

Hour 1

The Matt Walsh Show

Ep. 1765 - This Video Is One Of The Worst Things I've Seen In A Long Time 

The Strait of Hormuz officially opens for business (kind of), the Pope makes “shocking” comments on immigration, and President Trump promises UFO disclosure at TPUSA. 


The Michael Knowles Show

Ep. 1956 -  Pope Leo's "SHOCKING" Immigration Comments EXPLAINED

A false miscreed has corrupted our leadership class.


The Andrew Klavan Show

Ep. 1275 - Dumb, Dumber and Progressive

President Trump announces a 10-day ceasefire between Lebanon and Israel, a murder-suicide involving former Democratic Lieutenant Governor Justin Fairfax shakes Virginia, and France and Britain hold a conference to secure the Strait of Hormuz – after the Iranian conflict ends. Get the facts first with Morning Wire.

- - -

Ep. 2738

- - -

Wake up with new Morning Wire merch: https://bit.ly/4lIubt3

- - -

Today's Sponsors:

Alliance Defending Freedom - Visit https://JoinADF.com/WIRE or text 'WIRE' to 83848 to learn more.

Pocket Hose - Text MORNING to 64000 to get a FREE pocket pivot and their 10-pattern sprayer with the purchase of ANY size Copper Head hose. Message and data rates may apply.

Morning Wire

U.S. Expands Hormuz Blockade & VA Fairfax Deaths Investigated | 4.17.26

U.S. Expands Hormuz Blockade & VA Fairfax Deaths Investigated | 4.17.26 [Member Exclusive]

A ceasefire goes into effect between Israel and Lebanon, a tragic murder-suicide rocks Virginia, and Dairy Queen deploys AI in the drive-thru. Get the facts first with Evening Wire.
- - -
Ep. 2737
- - -
Wake up with new Morning Wire merch: https://bit.ly/4lIubt3 
- - -
Today’s Sponsor:

Alliance Defending Freedom - Visit https://JoinADF.com/WIRE or text “WIRE” to 83848 to learn more.


Evening Wire: Lebanon Ceasefire Begins & Murder-Suicide Rocks VA | 4.16.26

The Pendragon Cycle

Menu

— News —

Devastating Malware For Hacking Banking Accounts May Be Linked To Hamas