Everyone has an app, it seems, even ISIS, which actually has multiple apps for Android, a platform that makes sideloading apps much easier than iOS.
According to Motherboard, ISIS has at least six different mobile apps that interested parties can grab and install on their devices. You won't find these on the Google Play store obviously, but it's not that difficult to pass an .apk around to a community of people through websites, emails, and physical media.
However, this unofficial distribution process makes it easier for others to host fake versions of apps and pass them around as if they were real. And that's exactly what's happening to ISIS. The terrorist organization is currently circulating warnings that altered versions of its apps are floating around—a valuable means of intelligence for those that want to learn more about ISIS's innerworkings, no doubt.
"Recently, a fake copy of al-Bayan broadcast, 'Amaq, and others were circulated. The publishing individual claimed that they are in several languages and it appeared that it aims for breaching, so we advise all supporters of the State of the Caliphate to count on the official channels while uploading these applications and verify the digital fingerprint for the application before starting it," reads one such warning, published to various ISIS social media channels and distributed by those who actually built (and host) some of ISIS's apps.
It's likely that ISIS will keep creating new apps and updating its existing apps regardless, and the threat of hijacked apps will just have to be in the background of supporters' minds when they go to install something new. We wager that not many people are looking at checksums to determine whether the .apk files they're installing are identical to the "real" .apk files that more official sources are putting out. That, unfortunately, is a common issue when there isn't really a centralized location to obtain these kinds of files—or, at least, not one that is guaranteed to remain online 100 percent of the time.
Recommended by Our Editors
What we don't know is what group (or groups) is specifically trying to hijack ISIS's apps and what they plan to learn from doing so. Or, for that matter, if these attackers have more nefarious plans in mind: Sideloading malware onto supporters' devices instead of just trying to learn more about them (and possibly their account credentials for other services).
In March, top military brass revealed that the US Cyber Command is hard at work disrupting ISIS's communications networks. It's an emerging war strategy in the Middle East, and it comes from a relatively new agency—Cyber Command was established in 2009. The goal, according to Secretary of Defense Ash Carter, is to overload ISIS's network so that it can't function effectively.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
