Malware is malicious software installed on a digital device such as a computer, server, or mobile phone, to compromise the device. Malware can do many different things, but against anarchists and other rebels, it typically aims to gain visibility into the compromised device through remote screen capture and remote keylogging (recording the keys pressed on a keyboard), and to track the location of the device (in the case of phones).
Malware can be installed on a device:
- Remotely, typically through phishing[1] via email or text-based messages (SMS, etc.). To be effective, phishing often requires the target to open a malicious file or link.
- By physically accessing the device.
See the “Targeted malware” topic.
Used in tactics: Incrimination
Mitigations
| Name | Description |
|---|---|
| Compartmentalization | If an adversary installs malware on a Tails[2] USB stick or a Qubes OS[3] virtual machine that you use for different digital identities, they can tie the different identities together. To mitigate this, you can use different Tails USB sticks or Qubes OS virtual machines for different digital identities. |
| Computer and mobile forensics | You can use computer and mobile forensics to detect traces of malware on a device on which malware is or was installed. |
| Digital best practices | You can follow digital best practices, and in particular use security-oriented operating systems, to make it harder for an adversary to install malware on your digital devices. |
| Encryption | You can encrypt “in-motion” data to make it harder for an adversary to install malware through network packet injection, an installation vector for some malware, such as Pegasus[4]. |
Used in repressive operations
| Name | Description |
|---|---|
| Repression of Lafarge factory sabotage | Investigators made five requests to remotely install spyware[5]. Of these, one installation was successful (on an iPhone SE 2020) and provided access to a Signal group conversation. |
| Scripta Manent | Malware was installed on the computer of one of the defendants[6]. The malware, which was installed remotely over the Internet, targeted a Windows computer and was capable of recording text typed on the keyboard, taking periodic screenshots, and recording communications sent and received to and from the computer. |