Showing posts with label spyware. Show all posts

Monday, March 18, 2024

How to Hunt Down Malware on Mobile Devices

co-authored by Josh Hickman, Subject Matter Expert Collect and Review, Cellebrite

The ubiquity of mobile devices makes them prime targets for malware attacks. Despite the expertise in incident response and malware detection for PCs and Macs, mobile security, on the other hand, often remains uncharted territory for many organizations and users alike. No longer a question of if but when an attack is going to happen, there is a pertinent need for education in identification, resolution and bolstering defences against future attacks.

What Malware Looks Like and How it Gets There

Mobile malware manifests in various forms, from ransomware encrypting data to spyware surreptitiously monitoring activities. Understanding the modus operandi of mobile malware is critical for detection and mitigation efforts... How it lands on a device and what you can do... more

Thursday, February 8, 2024

Corporate Security Alert: Google's Spyware Report

Spyware risks are rising fast, and you should definitely be worried — even Google says so...

Companies developing spyware and offering spying services to government agencies and threat actors around the world are growing in number, and to make matters worse, for all of them - business is good.

This is according to a new report from Google, which highlights the growing concern of commercially developed spyware.

Now, according to Google’s latest Buying Spying report, it tracks around 40 Commercial Surveillance Vendors (CSV). Some are more popular than others, but all play an important role in developing spyware, it said. more

Google: "If governments ever claimed to have a monopoly on the most advanced cyber capabilities, that era is over. The private sector is now responsible for a significant portion of the most sophisticated tools we detect."

Thursday, July 20, 2023

U.S. Blacklists 2 Firms - Built Meta, iOS and Android Spyware

The Commerce Department blacklisted two European cyber firms that build spyware software, the Commerce Department announced Tuesday, including technology hawked by both firms that was used to surveil Meta users and reportedly at least one Meta employee.

The software exploited vulnerabilities in Android and iOS software and deployed hundreds of spoof Meta accounts to surveil activists, politicians and journalists around the world.

The firms — Intellexa and Cytrox — were described jointly as traffickers of “exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide” in a Bureau of Industry and Security press release. more

Saturday, July 1, 2023

Security Alert: Unsolicited Smartwatches Received by Mail


Service members across the military have reported receiving smartwatches unsolicited in the mail. These smartwatches, when used, have auto-connected to Wi-Fi and begun connecting to cell phones unprompted, gaining access to a myriad of user data.

These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords...

What to do if you receive one of these devices:

Thursday, June 29, 2023

From the What Goes Around Files: Phone Spy App Hacked

LetMeSpy, a phone tracking app spying on thousands, says it was hacked...

A data breach reveals the spyware is built by a Polish developer. A hacker has stolen the messages, call logs and locations intercepted by a widely used phone monitoring app called LetMeSpy, according to the company that makes the spyware.

The phone monitoring app, which is used to spy on thousands of people using Android phones around the world, said in a notice on its login page that on June 21, “a security incident occurred involving obtaining unauthorized access to the data of website users.”

“As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” the notice read.

LetMeSpy is a type of phone monitoring app that is marketed for parental control or employee monitoring. The app is also specifically designed to stay hidden on a phone’s home screen, making it difficult to detect and remove. Also known as stalkerware or spouseware, these kinds of phone monitoring apps are often planted by someone — such as spouses or domestic partners — with physical access to a person’s phone, without their consent or knowledge. more

Wednesday, May 31, 2023

Delete Alert - Android App iRecorder has Morphed Into Spyware

A screen recording app available in the Google Play store that was installed over 50,000 times functioned normally for months before it started spying on users, researchers say.


The app, iRecorder – Screen Recorder, was first uploaded to the Google Play store on September 19, 2021, according to Lukas Stefanko, a malware researcher with cybersecurity firm ESET.

Stefanko said that the app had no harmful features until a later update changed the code, likely in August 2022. After that date, malicious code allowed bad actors to make secret audio recordings and secretly transfer images, videos, saved web pages, and other files off of devices, according to ESET. 

Anyone who had downloaded the app before August 2022 might still have been exposed if they updated the app manually or automatically. It’s not yet clear if the developer or another actor is responsible for the update that converted the app into a Trojan horse.

The app is no longer available in the Google Play store, TechCrunch reports, but if you already have it on your phone you should uninstall it and clear the app’s files. more

Tuesday, February 7, 2023

NY AG Spikes Spyware

The New York Office of the Attorney General has announced punitive measures against Patrick Hinchy and 16 of the companies he owns, for illegally promoting spyware.


Since 2011, Hinchy has owned and operated numerous companies, including the 16 investigated by the New York OAG, for selling and promoting spyware targeting Android and iOS devices, including Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint, and TurboSpy.

Once installed on victim devices, the spyware would collect and exfiltrate data such as call logs, text messages, photos, videos, emails, Chrome browser data, location, and data from messaging and social media applications, including WhatsApp, Skype, Facebook, Instagram, and Twitter.

The spyware was sold to ‘customers’ looking to spy on their spouse, colleagues, or other individuals, and was installed on the victims’ devices without their knowledge and without notifying them of the data collection and exfiltration activities...

Collected data, the New York OAG has discovered, was being transmitted in an insecure manner, which exposed it to potential cyberattacks and snooping...

The New York OAG fined Hinchy and his companies $410,000 in penalties and ordered them to modify the software so that it would notify device owners of the data collection activities. more

Wednesday, November 30, 2022

The EU's Spyware Conundrum

MEPs are concerned that eavesdropping with Pegasus-type software is escalating, but the bloc is unlikely to impose rules as the final word rests with member states who dislike such oversight, experts said.

Pegasus and other software, such as Predator, have gained significant notoriety in recent years after it came to light they were being used by governments and politicians against political rivals, journalists, and activists, amongst others...

Jeroen Lenaers, chair of the PEGA European Parliament’s Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware, said it was “pretty scary” how much information about personal life the Pegasus-type spyware can get...

“The Commission realises that something must be done,” said Lenaers... But he lamented the lack of political will from many capitals. more

Thursday, October 6, 2022

New "RatMilad" Android Malware—Steals Data and Spies on Victims

"RatMilad", a new type of Android malware, is now being used within the Middle East to spy on victims via their smartphones and steal data. RatMilad is a kind of spyware, which are malware programs used to spy on victims through their devices. RatMilad is capable of recording both video and audio, giving the attackers the ability to listen in on private conversations and conduct remote surveillance.

On top of this, RatMilad allows malicious actors to change application permissions on victims' devices.

RatMilad is infecting devices via a phony VPN and number spoofing apps Text Me and NumRent. These apps are being spread through links on social media, meaning almost anyone could be exposed to RatMilad. Once the phony app is installed onto the device, RatMilad can start stealing data and spying on victims. It is being used in this campaign by an Iranian hacker group known as AppMilad. more

Sunday, September 25, 2022

Covenant Eyes: God isn't the only one watching you...

Churches are using invasive phone-monitoring tech to discourage “sinful” behavior. Some software is seeing more than congregants realize.

GRACEPOINT is (an) evangelical Southern Baptist church... when Grant Hao-Wei Lin came out to a Gracepoint church leader during their weekly one-on-one session, he was surprised to learn that he wasn’t going to be kicked out. According to his church leader, Hao-Wei Lin says, God still loved him in spite of his “struggle with same-sex attraction.”

But Gracepoint did not leave the matter in God’s hands alone. At their next one-on-one the following week, Hao-Wei Lin says the church leader asked him to install an app called Covenant Eyes on his phone...

Covenant Eyes is part of a multimillion-dollar ecosystem of so-called accountability apps that are marketed to both churches and parents as tools to police online activity. For a monthly fee, some of these apps monitor everything their users see and do on their devices, even taking screenshots (at least one per minute, in the case of Covenant Eyes) and eavesdropping on web traffic, WIRED found. The apps then report a feed of all of the users’ online activity directly to a chaperone—an “accountability partner,” in the apps’ parlance. When WIRED presented its findings to Google, however, the company determined that two of the top accountability apps—Covenant Eyes and Accountable2You—violate its policies. more

Thursday, September 8, 2022

Greece Wiretap and Spyware

It has been dubbed the Greek Watergate. What began as a surveillance of a little-known journalist in Greece has evolved into an array of revelations circling around the Greek government.

The story emerged last spring, when Thanasis Koukakis found out his phone had been infected with spyware that can extract data from a device. He also discovered he had been tracked by Greece's EYP National Intelligence Service via more traditional phone-tapping.

It then emerged that an MEP had also had his phone tapped before he became leader of Greece's third-biggest party. more

Tuesday, August 23, 2022

Pegasus Spyware Maker NSO Avoiding a TKO

Will spyware maker NSO Group's struggles reduce use of its eavesdropping tech? Critics doubt it.

Embattled Israeli spyware vendor NSO Group announced a major reorganization Sunday — replacing its longtime CEO and laying off roughly 100 of its 700 employees — but experts who track the growing trade in surveillance technology say that’s unlikely to curtail deployment of the company’s technology designed to secretly monitor its targets...

More broadly, however, NSO may serve as a cautionary tale for the myriad other spyware vendors around the world hawking their wares. “Spyware tech is a risky investment,” Scott-Railton said. “Investors don’t usually line up to get wiped out.” more

In Other Corporate Spy News...

Enterprise giant Oracle is facing a fresh privacy class action claim in the U.S.


The suit, which was filed Friday as a 66-page complaint in the Northern District of California, alleges the tech giant's "worldwide surveillance machine" has amassed detailed dossiers on some five billion people, accusing the company and its adtech and advertising subsidiaries of violating the privacy of the majority of the people on Earth. more

Sunday, July 31, 2022

Chinese Backup Chargers can Eavesdrop and Locate Individuals

Chinese media reporters have discovered that backup chargers can eavesdrop, locate citizens, and “live broadcast” citizens’ lives. However, this “spy backup charger,” which violates personal privacy, has been sold widely on e-commerce platforms in recent years. more

Man Charged for Creating International Covert Spyware at Age 15


Australia - The man, who is now 24, and his mother have both been charged over the program used by domestic violence offenders and paedophiles. more / video

Saturday, March 12, 2022

Some Thoughts on Mobile Spyware

It really is a great time to be a mobile threat. As mobile devices become ever more critical in our daily lives, hackers are seizing on a vulnerable blindspot in the enterprise attack surface...

Mobile threats often emanate from app stores, where many types of mobile malware hide as legitimate apps...

Spyware Detection Tips
As Sun Tzu once said, “There is no place where espionage is not possible.” Spyware exemplifies that statement perfectly. Spyware turns a personal mobile device into a corporate espionage bug just by entering an office, nestled in someone’s pocket...

To secure this largely-unrecognized vector, enterprises can look to mobile threat defense. When incorporated as part of a zero trust approach, MTD technology can examine the security of individual mobile devices, alerting the enterprise to threats and blocking access. It can ensure the device hasn’t been infected, jailbroken or compromised and act to protect corporate data if a threat arises. more

Sunday, January 9, 2022

iPhone Malware Tactic Causes Fake Shutdowns: Enables Spying

The ‘NoReboot’ technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.

In the world of mobile malware, simply shutting down a device can often wipe out any bad code, given that persistence after rebooting is a challenge for traditional malicious activity. But a new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real power-off while allowing malware to remain active in the background.

The stealthy technique, dubbed “NoReboot” by researchers, is “the ultimate persistence bug,” according to a ZecOps analysis this week... 

Is There a Patch for NoReboot?

ZecOps researchers noted that even though they call the issue a “persistence bug,” it can’t actually be patched because “it’s not exploiting any…bugs at all — only playing tricks with the human mind.” Via Twitter, the firm said that the technique works on every version of iPhone, and to prevent it, Apple would need to build in a hardware-based indicator for iPhone sleep/wake/off status.

To protect themselves, iPhone users should run standard checks for malware and trojanized apps, and take the usual vetting precautions when downloading and installing new apps. more

Wednesday, December 22, 2021

Khashoggi's Wife's Phone Bugged With Spyware Before Killing


The mobile phone of Hanan Elatr, the wife of Saudi dissident and journalist Jamal Khashoggi, was reportedly bugged by United Arab Emirates agents.

The cell phone of Hanan Elatr was infected several months before he was killed in 2018. 

Jamal Khashoggi was killed in Saudi Arabia’s consulate in Istanbul, reported Sputnik citing The Washington Post. The phone of Elatr was reportedly infected when she was questioned by UAE officials.  more

Wednesday, November 24, 2021

Apple Sues Israeli Spyware Maker

Apple sued the NSO Group, the Israeli surveillance company, in federal court on Tuesday, another setback for the beleaguered firm and the unregulated spyware industry.

The lawsuit is the second of its kind — Facebook sued NSO in 2019 for targeting its WhatsApp users — and another consequential move by a private company to curb invasive spyware by governments and the companies that provide their spy tools.

Apple, for the first time, seeks to hold NSO accountable for what it says was the surveillance and targeting of Apple users. more

Wednesday, September 22, 2021

Pegasus: How The Spyware Invades Phones & What It Does

What is Pegasus?
Is Pegasus a hacking software or spyware? It is tipped as the best version of both worlds that was developed, marketed, and licensed to governments around the world by the Israeli company NSO Group. This is because of the intrusive nature it possesses where it can infect and conduct silent surveillance on billions of phones running either iOS or Android operating systems.

Pegasus was first discovered in 2016 in a group of mobile devices which were infected via a spear phishing campaign which tricked users into clicking on malicious links which would install the spying software. However, recent versions of the spyware are much more sophisticated and require zero interaction from the victim for delivery and execution.

How it works?
The spyware executes via a zero-click exploit. This means that a victim does not need to interact with the initial delivery vector of the spyware for the malicious code to be executed. The victim receives a message on SMS, WhatsApp, iMessage or any other messaging application. As soon as the message is received the spyware is executed and all traces of the message are deleted. This implies that the user’s device will be infected with the spyware, without the user being aware of even receiving any suspicious message. more



Tuesday, September 14, 2021

FTC Shuts Down Smartphone Spyware App Company

The Federal Trade Commission (“FTC”) reached a settlement with stalkerware app company Support King, LLC d/b/a SpyFone.com and its CEO (collectively “SpyFone”) to resolve allegations that it secretly harvested and shared smartphone owners’ physical location data and information about their phone use and other online activities, and that it exposed smartphones to hacker attacks in violation of the FTC Act.

The complaint alleged that SpyFone’s apps provided real-time access to the data of smartphone owners through a hidden device hack that allowed others, including stalkers and domestic abusers, to track the smartphones on which the apps were installed. In addition, SpyFone’s lax security measures, including storing sensitive information without encryption, exposed consumers to hackers and other cyber threats, including through a 2018 breach of SpyFone’s servers in which the personal information of 2,200 consumers was accessed and stolen.

Under the terms of the proposed consent order, SpyFone will disable its stalkerware apps and destroy all personal information collected through these apps. more