VIRUS DEFINITION

Virus Type: Malware / Espionage Tool

What is Desert Falcons?

Desert Falcons is a group of cybermercenaries operating from the Middle East that uses a range of methods to conceal and operate its malware. The cybercriminals appear to be highly skilled: in addition to proficient social engineering, they have developed the following from scratch:

  • Computer malware targeting Windows devices
  • Mobile malware targeting Android devices
  • Infection vectors, including phishing emails, fake websites and fake social networking accounts

Who are the victims of Desert Falcons?

Potential victims were enticed with socio-political news and information, and many succumbed rapidly to malware infection.

The victims targeted include:

  • Military and Government
  • Newspaper, TV/Radio Channels and Top Media Outlets
  • Financial and Trading Institutions
  • Research and Education Institutions
  • Activists and Political Leaders
  • Energy Firms
  • Physical Security Companies

Victims of the Desert Falcons are located mainly in the following countries:

  • Egypt
  • Palestine
  • Israel
  • Jordan

How do I know if I'm infected or not?

The list of indicators of compromise is available on Securelist.com.

How can I protect myself against the Desert Falcons campaign?

Kaspersky Lab products detect and block all variants of the malware used in this campaign:

  • Trojan.Win32.DesertFalcons
  • Trojan-Spy.Win32.Agent.cncc
  • Trojan-Spy.Win32.Agent.ctcr
  • Trojan-Spy.Win32.Agent.ctcv
  • Trojan-Spy.Win32.Agent.ctcx
  • Trojan-Spy.Win32.Agent.cree
  • Trojan-Spy.Win32.Agent.ctbz
  • Trojan-Spy.Win32.Agent.comn
  • Trojan.Win32.Bazon.a
