Surveillanceware tools collected critical data from US, UK, and Australian officials and diplomats.

The hack, which was allegedly coordinated by Pakistani military members, collected sensitive photos, audio recordings, text messages, and could also disable a phone's reception.

The victims unknowingly gave access to images of US military hardware, photos of passports, details of diplomatic visits, and letters from senior officials.

In one instance a phishing message was sent via Facebook Messenger.



The Pakistani military allegedly coordinated a surveillance operation which collected data from US, UK, and Australian officials and diplomats.


Researchers from US mobile-security company Lookout found Western officials were unintentionally caught up in a data-gathering operation which used surveillanceware tools dubbed Stealth Mango (for Android) and Tangel (for iOS).In a report released last week, Lookout researchers said they believe Pakistani military members were responsible for hacks targeting civilians, government officials, diplomats, and military personnel in Pakistan, India, Iraq and the UAE.

"These tools have been part of a highly targeted intelligence gathering campaign we believe is

operated by members of the Pakistani military," the report read. "Our investigation indicates this actor has used these surveillanceware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians."


According to Lookout, which analyzed 15gb of compromised data, perpetrators largely targeted victims via phishing messages which linked to a third-party Android app store.

Once a surveillanceware app was downloaded it was able to access text messages, audio recordings, photos, calendars, contact lists for apps including Skype, and the phone's GPS location. It also had the ability to detect when a victim was driving and turn off SMS and internet reception during that time.


On at least one occasion the app store URL was sent via Facebook messenger which, according to Lookout, suggests "the attackers are using fake personas to connect with their targets and coerce them into installing the malware onto their devices."

The individuals targeted in this campaign unknowingly gave hackers access to pictures of IDs and passports, the GPS locations of photos, legal and medical documents, internal government communications, and photos of military and government officials from closed-door meetings.

Officials and civilians from the US and Iran, as well as British and Australian diplomats, were not targeted in the operation but their data was compromised after interacting with Stealth Mango victims.

Some of the victims' compromised data included:

A letter from the United States Central Command to the Afghanistan Assistant Minister of Defense for Intelligence

A letter from the High Commission for Pakistan to the United States Director of the Foreign Security Office Ministry of Foreign Affairs

Details of visits to Quetta, Balochistan, Pakistan by Australian Diplomats

Details of visits to Quetta, Balochistan, Pakistan by German Diplomats

Photos of Afghan and Pakistani military officials


It's unknown when Stealth Mango was launched, but its latest release was made in April 2018.

Lookout believes it was created by freelance developers with physical presences in Pakistan, India, and the United States, but actively managed by actors in Pakistan who are most likely members of the military.


The main developer is thought to be a full-time app creator. Lookout suspects he once worked for a company based in Sydney, Australia. On LinkedIn, most of the company's employees are based in Pakistan.When contacted by Lookout, Google said the apps used in this operation were not available on the Google Play Store, but "Google Play Protect has been updated to protect user devices from these apps and is in the process of removing them from all affected devices."