It’s no secret that few terrorist organizations have an online presence as large as Islamic State. ISIS uses social media sites such as Facebook, Twitter, and Instagram, along with encrypted messaging services like Telegram, to recruit new members and spread its propaganda. It even develops its own apps – something that could cost the group dearly.
A report from Motherboard reveals that ISIS is warning its members to beware of fake, malware-infused versions of its Android apps that are designed to spy on those who download them.
ISIS’ apps include Amaq News, which reports on the group's activities, al-Bayan for streaming radio, and even a jihadi-themed app for children that teaches the Arabic alphabet by associating letters with various pictures of weapons, such as "Bundiqiya" (Rifle) for B.
But it seems “dubious sources” are now taking advantage of all these terrorist apps and their lack of security checks.
ISIS started releasing warnings at the beginning of June that anyone downloading the apps should only do so via its official channels.“Dubious sources published a fake version of the Amaq Agency Android app, aimed at breaching security and spying,” it said in the alert.
A later notification that didn’t come from official ISIS sources read: “we advise all supporters of the State of the Caliphate to count on the official channels while uploading these applications and verify the digital fingerprint for the application before starting it.”
ISIS apps obviously aren’t found in the Google Play or Apple iOS stores but are sideloaded onto Android devices from outside sources. Being able to create and install apps from outside the store ensures the applications avoid violating Google’s policies, but it's the same way that the malware-loaded apps are spread.
Despite the risk, it appears that ISIS will continue to create new apps and its supporters will continue to download them. But it seems this is one of those rare cases where malware can be a force for good.