PoisonCarp

Description

(Citizen Lab) We observed POISON CARP employing a total of eight Android browser exploits and one Android spyware kit, as well as one iOS exploit chain and iOS spyware. None of the exploits that we observed were zero days. POISON CARP overlaps with two recently reported campaigns against the Uyghur community. The iOS exploit and spyware we observed was used in watering hole attacks reported by Google Project Zero, and a website used to serve exploits by POISON CARP was also observed in a campaign called “Evil Eye” reported by Volexity. The Android malware used in the campaign is a fully featured spyware kit that has not been previously documented.

Names

Name
PoisonCarp
INSOMNIA

Type

Backdoor
Info stealer
Exfiltration

Information

https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/ios.poisoncarp

Other Information

Uuid

bdbce19d-0720-408e-99b9-d56d5df7c1e3

Last Card Change

2021-04-24

Threat Intelligence Garden

Explorer

PoisonCarp

PoisonCarp

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks