SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites
ID: c20fea23-6331-51d2-abe0-efb4090a7d8a
STIX ID: report--c20fea23-6331-51d2-abe0-efb4090a7d8a
Feed Name: Sekoia.io Blog
Date Published: 2024-09-25
Date Updated: 2026-04-29
Author: Sekoia TDR, Felix Aimé and Maxime A.
Sekoia TDR uncovered a sustained watering-hole campaign (first observed late 2022) that compromised 25 Kurdish-linked sites with four JavaScript variants. The variants exfiltrate location, WebRTC/local IPs, and device/browser fingerprints, capture selfie images, and selectively redirect targets to install a malicious Android APK that beacons location and can exfiltrate contacts and files. The report includes technical analysis, IOCs (domains, IPs, APK hashes), YARA rules, and attribution hypotheses, but finds no match to known intrusion sets.
