Karma Files: Multi-platform Spyware Provider Spytech Gets Hacked

Second spyware provider hacked this month...

Minnesota-based spyware provider Spytech has been hacked, with files stolen from the company's servers containing detailed device activity logs from a global pool of mostly Windows PCs but also some Macs, Chromebooks, and even Android devices. 

The total number of spyware victims impacted by Spytech and noted by TechCrunch analyzing the scale of the breach is "more than 10,000 devices since 2013," and this cross-platform invasion of privacy stretches across the entire globe, including the US, EU, the Middle East, Africa, Asia, and Australia. 

Spytech provides a brand of spyware best known as "stalkerware" since it's typically installed by a person with physical access to the victim's device. more

Karma Files: Data Breach Exposes Millions of mSpy Spyware Customers

A data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it.

Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. While hacks of spyware purveyors are becoming increasingly common, they remain notable because of the highly sensitive personal information often included in the data, in this case about the customers who use the service.

The hack encompassed customer service records dating back to 2014, which were stolen from the spyware maker’s Zendesk-powered customer support system.

mSpy is a phone surveillance app that promotes itself as a way to track children or monitor employees. Like most spyware, it is also widely used to monitor people without their consent. more

Lawsuit Claim: Shopping App Temu - “Dangerous Malware,” Spying on Your Texts

Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday.

Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."

"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place." more

How to Hunt Down Malware on Mobile Devices

co-authored by Josh Hickman, Subject Matter Expert Collect and Review, Cellebrite

The ubiquity of mobile devices makes them prime targets for malware attacks. Despite the expertise in incident response and malware detection for PCs and Macs, mobile security, on the other hand, often remains uncharted territory for many organizations and users alike. No longer a question of if but when an attack is going to happen, there is a pertinent need for education in identification, resolution and bolstering defences against future attacks.

What Malware Looks Like and How it Gets There

Mobile malware manifests in various forms, from ransomware encrypting data to spyware surreptitiously monitoring activities. Understanding the modus operandi of mobile malware is critical for detection and mitigation efforts...How it lands on a device and what you can do... more

Corporate Security Alert: Google's Spyware Report

Spyware risks are rising fast, and you should definitely be worried — even Google says so...

Companies developing spyware and offering spying services to government agencies and threat actors around the world are growing in number, and to make matters worse, for all of them - business is good.

This is according to a new report from Google, which highlights the growing concern of commercially developed spyware.

Now, according to Google’s latest Buying Spying report, it tracks around 40 Commercial Surveillance Vendors (CSV). Some are more popular than others, but all play an important role in developing spyware, it said. more

Google: "If governments ever claimed to have a monopoly on the most advanced cyber capabilities, that era is over. The private sector is now responsible for a significant portion of the most sophisticated tools we detect."

U.S. Blacklists 2 Firms - Built Meta, iOS and Android Spyware

The Commerce Department blacklisted two European cyber firms that build spyware software, the Commerce Department announced Tuesday, including technology hawked by both firms that was used to surveil Meta users and reportedly at least one Meta employee.

The software exploited vulnerabilities in Android and iOS software and deployed hundreds of spoof Meta accounts to surveil activists, politicians and journalists around the world.

The firms — Intellexa and Cytrox — were described jointly as traffickers of “exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide” in a Bureau of Industry and Security press release. more

Security Alert: Unsolicited Smartwatches Received by Mail

Service members across the military have reported receiving smartwatches unsolicited in the mail. These smartwatches, when used, have auto-connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a myriad of user data.

These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords...

What to do if you receive one of these devices:

• DO NOT turn the device on.
• Report it to your local counterintelligence, security manager, or through our Submit a Tip - Report a Crime reporting portal. more

From the What Goes Around Files: Phone Spy App Hacked

LetMeSpy, a phone tracking app spying on thousands, says it was hacked...

A data breach reveals the spyware is built by a Polish developer hacker has stolen the messages, call logs and locations intercepted by a widely used phone monitoring app called LetMeSpy, according to the company that makes the spyware.

The phone monitoring app, which is used to spy on thousands of people using Android phones around the world, said in a notice on its login page that on June 21, “a security incident occurred involving obtaining unauthorized access to the data of website users​​.”

“As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” the notice read.

LetMeSpy is a type of phone monitoring app that is marketed for parental control or employee monitoring. The app is also specifically designed to stay hidden on a phone’s home screen, making it difficult to detect and remove. Also known as stalkerware or spouseware, these kinds of phone monitoring apps are often planted by someone — such as spouses or domestic partners — with physical access to a person’s phone, without their consent or knowledge. more

Delete Alert - Android App iRecorder has Morphed Into Spyware

A screen recording app available in the Google Play store that was installed over 50,000 times functioned normally for months before it started spying on users, researchers say.

The app, iRecorder – Screen Recorder, was first uploaded to the Google Play store on September 19, 2021, according to Lukas Stefanko, a malware researcher with cybersecurity firm ESET.

Stefanko said that the app had no harmful features until a later update changed the code, likely in August 2022. After that date, malicious code allowed bad actors to make secret audio recordings and secretly transfer images, videos, saved web pages, and other files off of devices, according to ESET. 

Anyone who had downloaded the app before August 2022, might still have been exposed if they updated the app manually or automatically. It’s not yet clear if the developer or another actor is responsible for the update that converted the app into a Trojan horse.

The app is no longer available in the Google Play store, TechCrunch reports, but if you already have it on your phone you should uninstall it and clear the app’s files. more

NY AG Spikes Spyware

The New York Office of the Attorney General has announced punitive measures against Patrick Hinchy and 16 of the companies he owns, for illegally promoting spyware.

Since 2011, Hinchy has owned and operated numerous companies, including the 16 investigated by the New York OAG, for selling and promoting spyware targeting Android and iOS devices, including Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint, and TurboSpy.

Once installed on victim devices, the spyware would collect and exfiltrate data such as call logs, text messages, photos, videos, emails, Chrome browser data, location, and data from messaging and social media applications, including WhatsApp, Skype, Facebook, Instagram, and Twitter.

The spyware was sold to ‘customers’ looking to spy on their spouse, colleagues, or other individuals, and was installed on the victims’ devices without their knowledge and without notifying them of the data collection and exfiltration activities...

Collected data, the New York OAG has discovered, was being transmitted in an insecure manner, which exposed it to potential cyberattacks and snooping...

The New York OAG fined Hinchy and his companies $410,000 in penalties and ordered them to modify the software so that it would notify device owners of the data collection activities. more

The EU's Spyware Conundrum

MEPs are concerned that eavesdropping with Pegasus-type software is escalating, but the bloc is unlikely to impose rules as the final word rests with member states who dislike such oversight, experts said.

Pegasus and other software, such as Predator, have gained significant notoriety in recent years after it came to light they were being used by governments and politicians against political rivals, journalists, and activists, amongst others...

Jeroen Lenaеrs, chair of the PEGA European Parliament’s Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware, said it was “pretty scary” how much information about personal life the Pegasus-type spyware can get...

“The Commission realises that something must be done,” said Lenaеrs... But he lamented the lack of political will from many capitals. more

New "RatMilad" Android Malware—Steals Data and Spies on Victims

"RatMilad", a new type of Android malware, is now being used within the Middle East to spy on victims via their smartphones and steal data. RatMilad is a kind of spyware, which are malware programs used to spy on victims through their devices. RatMilad is capable of recording both video and audio, giving the attackers the ability to listen in on private conversations and conduct remote surveillance.

On top of this, RatMilad allows malicious actors to change application permissions on victims' devices.

RatMilad is infecting devices via a phony VPN and number spoofing apps Text Me and NumRent. These apps are being spread through links on social media, meaning almost anyone could be exposed to RatMilad. Once the phony app is installed onto the device, RatMilad can start stealing data and spying on victims. It is being used in this campaign by an Iranian hacker group known as AppMilad. more

Covenant Eyes: God isn't the only one watching you...

Churches are using invasive phone-monitoring tech to discourage “sinful” behavior. Some software is seeing more than congregants realize.

GRACEPOINT is (an) evangelical Southern Baptist church... when Grant Hao-Wei Lin came out to a Gracepoint church leader during their weekly one-on-one session, he was surprised to learn that he wasn’t going to be kicked out. According to his church leader, Hao-Wei Lin says, God still loved him in spite of his “struggle with same-sex attraction.”

But Gracepoint did not leave the matter in God’s hands alone. At their next one-on-one the following week, Hao-Wei Lin says the church leader asked him to install an app called Covenant Eyes on his phone...

Covenant Eyes is part of a multimillion-dollar ecosystem of so-called accountability apps that are marketed to both churches and parents as tools to police online activity. For a monthly fee, some of these apps monitor everything their users see and do on their devices, even taking screenshots (at least one per minute, in the case of Covenant Eyes) and eavesdropping on web traffic, WIRED found. The apps then report a feed of all of the users’ online activity directly to a chaperone—an “accountability partner,” in the apps’ parlance. When WIRED presented its findings to Google, however, the company determined that two of the top accountability apps—Covenant Eyes and Accountable2You—violate its policies. more

Greece Wiretap and Spyware

It has been dubbed the Greek Watergate. What began as a surveillance of a little-known journalist in Greece has evolved into an array of revelations circling around the Greek government.

The story emerged last spring, when Thanasis Koukakis found out his phone had been infected with spyware that can extract data from a device. He also discovered he had been tracked by Greece's EYP National Intelligence Service via more traditional phone-tapping.

It then emerged that an MEP had also had his phone tapped before he became leader of Greece's third-biggest party. more

Pegasus Spyware Maker NSO Avoiding a TKO

Will spyware maker NSO Group's struggles reduce use of its eavesdropping tech? Critics doubt it.

Embattled Israeli spyware vendor NSO Group announced a major reorganization Sunday — replacing its longtime CEO and laying off roughly 100 of its 700 employees — but experts who track the growing trade in surveillance technology say that’s unlikely to curtail deployment of the company’s technology designed to secretly monitor its targets...

More broadly, however, NSO may serve as a cautionary tale for the myriad other spyware vendors around the world hawking their wares. “Spyware tech is a risky investment,” Scott-Railton said. “Investors don’t usually line up to get wiped out.” more

In Other Corporate Spy News...

Enterprise giant Oracle is facing a fresh privacy class action claim in the U.S.

The suit, which was filed Friday as a 66-page complaint in the Northern District of California, alleges the tech giant's "worldwide surveillance machine" has amassed detailed dossiers on some five billion people, accusing the company and its adtech and advertising subsidiaries of violating the privacy of the majority of the people on Earth. more

Chinese Backup Chargers can Eavesdrop and Locate Individuals

Chinese media reporters have discovered that backup chargers can eavesdrop, locate citizens, and “live broadcast” citizens’ lives. However, this “spy backup charger,” which violates personal privacy, has been sold widely on e-commerce platforms in recent years. more

Man Charged for Creating International Covert Spyware at Age 15

Australia - The man who is now 24, and his mother have both been charged, over the program used by domestic violence offenders and paedophiles. more / video

Some Thoughts on Mobile Spyware

It really is a great time to be a mobile threat. As mobile devices become ever more critical in our daily lives, hackers are seizing on a vulnerable blindspot in the enterprise attack surface...

Mobile threats often emanate from app stores, where many types of mobile malware hide as legitimate apps...

As Sun Tzu once said, “There is no place where espionage is not possible.” Spyware exemplifies that statement perfectly. Spyware turns a personal mobile device into a corporate espionage bug just by entering an office, nestled in someone’s pocket...

To secure this largely-unrecognized vector, enterprises can look to mobile threat defense. When incorporated as part of a zero trust approach, MTD technology can examine the security of individual mobile devices, alerting the enterprise to threats and blocking access. It can ensure the device hasn’t been infected, jailbroken or compromised and act to protect corporate data if a threat arises. more

iPhone Malware Tactic Causes Fake Shutdowns: Enables Spying

The ‘NoReboot’ technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.

In the world of mobile malware, simply shutting down a device can often wipe out any bad code, given that persistence after rebooting is a challenge for traditional malicious activity. But a new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real power-off while allowing malware to remain active in the background.

The stealthy technique, dubbed “NoReboot” by researchers, is “the ultimate persistence bug,” according to a ZecOps analysis this week... 

Is There a Patch for NoReboot?

ZecOps researchers noted that even though they call the issue a “persistence bug,” it can’t actually be patched because “it’s not exploiting any…bugs at all — only playing tricks with the human mind.” Via Twitter, the firm said that the technique works on every version of iPhone, and to prevent it, Apple would need to build in a hardware-based indicator for iPhone sleep/wake/off status.

To protect themselves, iPhone users should run standard checks for malware and trojanized apps, and take the usual vetting precautions when downloading and installing new apps. more

Khashoggi's Wife's Phone Bugged With Spyware Before Killing

The mobile phone of Hanan Elatr, the wife of Saudi dissident and journalist Jamal Khashoggi was reportedly bugged by United Arab Emirates agents.  

The cell phone of Hanan Elatr was infected several months before he was killed in 2018. 

Jamal Khashoggi was killed in Saudi Arabia’s consulate in Istanbul, reported Sputnik citing The Washington Post. The phone of Elatr was reportedly infected when she was questioned by UAE officials.  more