Europol Arrested GozNym Malware Actors in Simultaneous International Operation
Last updated June 23, 2021
Encrochat users have recently received a series of unexpected messages from the encrypted phone service, claiming that Europol has taken over parts of its infrastructure. Some consider the underground service compromised beyond recovery, and its users are advised to look elsewhere. Encrochat has been used by people who engage in criminal activities, alongside some who simply value their privacy. There are many end-to-end encrypted communications solutions available, but the particular demographics of the Encrochat user base may be the reason law enforcement targeted it specifically.
The warning message sent from Encrochat to its users was the following:
“Today, we had our domain seized illegally by government entities. They repurposed our domain to launch an attack to compromise the carbon units. With control of our domain, they managed to launch a malware campaign against the carbon to weaken its security. Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device. We took immediate action on our network by disabling connectivity to combat the attack. You are advised to power off and physically dispose of your device immediately. Period of compromise was about 30 minutes and the best we can ascertain was about 50% of the carbon devices in Europe.”
This tells the whole story really, indicating that the Encrochat devices have been infected with malware. However, the link to Europol has not yet been established with certainty. A spokesperson for the continental agency told Motherboard that they do not wish to comment on ongoing operations. The publication claims to have information about various recent seizures that took place during police raids around Europe. Reportedly, Encrochat devices were confiscated, analyzed, and used to develop a suitable malware strain.
These devices are usually Android-based smartphones that have had their GPS sensors, microphones, and cameras stripped out, and which run custom operating systems with encrypted chat apps installed by default. In some cases, they are locked into “secure” networks operated by the device vendor, so users of Encrochat phones can only connect with other Encrochat devices. Many such vendors, like Ennetcom and MPC, have already been shut down by Europol. Others remain operational, however, as the audience that seeks these solutions is still out there and willing to pay a lot for these phones. If Europol’s malware operation was successful, a large Europe-wide bust may be announced soon.