ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Tempting Cedar Spyware

Names: Tempting Cedar Spyware (Avast)
Country: Lebanon
Motivation: Information theft and espionage
First seen: 2015
Description: (ZDNet) A hacking campaign used fake Facebook profiles to trick targets into downloading malware capable of stealing vast swathes of information, including messages, photos, audio recordings and even the exact location of victims.

The group has been operating since as early as 2015 and is thought to have infected the Android phones of hundreds of selected targets across the Middle East. The highest concentration of infections is in Israel, but victims have also been seen in the US, China, Germany and France.

Uncovered by researchers at Avast, the operation has been dubbed 'Tempting Cedar Spyware'. The name combines the main means of attack - by tricking victims using fake social media profiles purporting to be those of a young woman - with the Cedar tree, which features prominently on the flag of Lebanon.

The campaign for distributing the malware begins with fake Facebook profiles which are designed to lure in victims - predominantly men - with 'flirty' conversations.
Observed: Countries: China, France, Germany, Israel, USA.
Tools used: Tempting Cedar Spyware.
Information: <https://www.zdnet.com/article/hacking-group-uses-facebook-lures-to-trick-victims-into-downloading-android-spyware/>
<https://blog.avast.com/avast-tracks-down-tempting-cedar-spyware>

Last change to this card: 19 April 2020

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
