Karma Files: Data Breach Exposes Millions of mSpy Spyware Customers

A data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it.

Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. While hacks of spyware purveyors are becoming increasingly common, they remain notable because of the highly sensitive personal information often included in the data, in this case about the customers who use the service.

The hack encompassed customer service records dating back to 2014, which were stolen from the spyware maker’s Zendesk-powered customer support system.

mSpy is a phone surveillance app that promotes itself as a way to track children or monitor employees. Like most spyware, it is also widely used to monitor people without their consent. more

From the What Goes Around Files: Phone Spy App Hacked

LetMeSpy, a phone tracking app spying on thousands, says it was hacked...

A data breach reveals the spyware is built by a Polish developer hacker has stolen the messages, call logs and locations intercepted by a widely used phone monitoring app called LetMeSpy, according to the company that makes the spyware.

The phone monitoring app, which is used to spy on thousands of people using Android phones around the world, said in a notice on its login page that on June 21, “a security incident occurred involving obtaining unauthorized access to the data of website users​​.”

“As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” the notice read.

LetMeSpy is a type of phone monitoring app that is marketed for parental control or employee monitoring. The app is also specifically designed to stay hidden on a phone’s home screen, making it difficult to detect and remove. Also known as stalkerware or spouseware, these kinds of phone monitoring apps are often planted by someone — such as spouses or domestic partners — with physical access to a person’s phone, without their consent or knowledge. more

Delete Alert - Android App iRecorder has Morphed Into Spyware

A screen recording app available in the Google Play store that was installed over 50,000 times functioned normally for months before it started spying on users, researchers say.

The app, iRecorder – Screen Recorder, was first uploaded to the Google Play store on September 19, 2021, according to Lukas Stefanko, a malware researcher with cybersecurity firm ESET.

Stefanko said that the app had no harmful features until a later update changed the code, likely in August 2022. After that date, malicious code allowed bad actors to make secret audio recordings and secretly transfer images, videos, saved web pages, and other files off of devices, according to ESET. 

Anyone who had downloaded the app before August 2022, might still have been exposed if they updated the app manually or automatically. It’s not yet clear if the developer or another actor is responsible for the update that converted the app into a Trojan horse.

The app is no longer available in the Google Play store, TechCrunch reports, but if you already have it on your phone you should uninstall it and clear the app’s files. more

Spy Headlines this Week

• TikTok CEO on ByteDance: "I Don't Think That Spying is the Right Way to Describe It." more

• Facing spying claims, Mexico recorded phone call of prominent activist more

• The Spy Law That Big Tech Wants to Limit more

• Your refrigerator could be spying on you! Senate committee clamps down on smart devices more

• Greek intelligence allegedly uses Predator spyware to wiretap Facebook Security Manager more

• Senate Bill Would Be Big Step to Combatting Harmful Workplace Surveillance Practices more

• Archbishop admits spying on other Vatican officials more

• Everett school superintendent sues city for racial discrimination; charges mayor bugged her office more

• CIA's CTO and deputy director explain the future of high-tech spying more

• Spying, cocaine, money-laundering, historic losses: The sordid tale of the fall of Credit Suisse more

• Cell phone spying growing strong: How to know if you’ve been a victim of ‘stalkerware’ more

• Fox News producer was forced to spy on Maria Bartiromo, who execs called 'crazy,' more

• ESPIONAGE BOOK RECOMMENDATIONS FROM A FORMER CIA SPY more

Greece Wiretap and Spyware

It has been dubbed the Greek Watergate. What began as a surveillance of a little-known journalist in Greece has evolved into an array of revelations circling around the Greek government.

The story emerged last spring, when Thanasis Koukakis found out his phone had been infected with spyware that can extract data from a device. He also discovered he had been tracked by Greece's EYP National Intelligence Service via more traditional phone-tapping.

It then emerged that an MEP had also had his phone tapped before he became leader of Greece's third-biggest party. more

The Government Will Pay for Your Bug Sweep... if you're an Australian

Domestic violence survivors to get government support to scan for spyware and hidden cameras.

Mobile phones will be checked for spyware and homes will be swept for cameras under a government plan to expand support for people who have experienced abuse by a current or former partner...

Nearly $55m will be invested in a program that provides technology checks to ensure people who have experienced domestic violence are not subjected to further abuse.

It includes checking a person's phone and computer to see if any GPS tracking programs or bugs have been installed, as well as searching for cameras hidden in toys, vents or lights in homes. more

Don't live in Australia? Want to check for spycams yourself? Learn how to do it.

Khashoggi's Wife's Phone Bugged With Spyware Before Killing

The mobile phone of Hanan Elatr, the wife of Saudi dissident and journalist Jamal Khashoggi was reportedly bugged by United Arab Emirates agents.  

The cell phone of Hanan Elatr was infected several months before he was killed in 2018. 

Jamal Khashoggi was killed in Saudi Arabia’s consulate in Istanbul, reported Sputnik citing The Washington Post. The phone of Elatr was reportedly infected when she was questioned by UAE officials.  more

FTC Shuts Down Smartphone Spyware App Company

The Federal Trade Commission (“FTC”) reached a settlement with stalkerware app company Support King, LLC d/b/a SpyFone.com and its CEO (collectively “SpyFone”) to resolve allegations that it secretly harvested and shared smartphone owners’ physical location data and information about their phone use and other online activities, and that it exposed smartphones to hacker attacks in violation of the FTC Act.

The complaint alleged that SpyFone’s apps provided real-time access to the data of smartphone owners through a hidden device hack that allowed others, including stalkers and domestic abusers, to track the smartphones on which the apps were installed. In addition, SpyFone’s lax security measures, including storing sensitive information without encryption, exposed consumers to hackers and other cyber threats, including through a 2018 breach of SpyFone’s servers in which the personal information of 2,200 consumers was accessed and stolen.

Under the terms of the proposed consent order, SpyFone will disable its stalkerware apps and destroy all personal information collected through these apps. more

Alert: Apple iOS 14.8 Security Update Spikes Spyware Flaw

 Apple on Monday released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company. 

The tech giant's security note for iOS 14.8 and iPadOS 14.8 says: "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." Apple also released WatchOS 7.6.2, MacOS Big Sur 11.6 and a security update for MacOS Catalina to address the vulnerability. 

The fix, earlier reported by The New York Times, stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist's phone had been infected with Pegasus, NSO Group's best-known product. According to Citizen Lab, the zero-day zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple's image rendering library and was effective against the company's iPhones, laptops and Apple Watches. more

Pegasus Spyware Update: How to Check Your iPhone

If you’re concerned about recent reports of the Pegasus spyware reportedly installed by the Israeli NSO Group to hack journalists and world leaders, there’s a tool to check if it’s hidden on your iPhone. But you probably have nothing to worry about...

But if you’re concerned, there’s a way to test whether your iPhone has been targeted. It’s not an easy test, mind you, but if you’re using a Mac or Linux PC and have backed up your iPhone using it, Amnesty International’s the Mobile Verification Toolkit will be able to detect whether your phone has the Pegasus spyware installed on it. The tool, which TechCrunch tested, works using the macOS Terminal app and searches your latest iPhone backup on your Mac, “is not a refined and polished user experience and requires some basic knowledge of how to navigate the terminal.” You’ll need to install libusb as well as Python 3 using Homebrew. (You can learn more about the installation here.) TechCrunch says the check only takes “about a minute or two to run” once it’s been set up. more

Pegasus Spyware Back in the News

Washington Post... NSO Group’s Pegasus spyware, licensed to governments around the globe, can infect phones without a click... Military-grade spyware licensed by an Israeli firm to governments for tracking terrorists and criminals was used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives and two women close to murdered Saudi journalist Jamal Khashoggi, according to an investigation by The Washington Post and 16 media partners. more

India Today... Pegasus spying: how Pegasus is installed on phone, what it does, and how to get rid of it...

• Pegasus can be installed on vulnerable phones through a web link or a missed call.
• The spyware can steal passwords, contacts, text messages, and photos.
• The only way to avoid Pegasus after it has infected a phone is by getting rid of the phone.

Pegasus, developed by Israeli cybersecurity firm NSO Group, is a highly sophisticated spyware that has been referred to as the "most sophisticated smartphone attack ever". It was first noticed in 2016 but created a lot of buzz in late 2019 when it was revealed that the spyware was used for snooping on journalists and human rights activists across the globe, including in India. more

Tech Xplore... Pegasus spyware: how does it work?

More recent versions of Pegasus, developed by the Israeli firm the NSO Group, have exploited weak spots in software commonly installed on mobiles.

In 2019 the messaging service WhatsApp sued NSO, saying it used one of these so-called "zero-day vulnerabilities" in its operating system to install the spyware on some 1,400 phones.

By simply calling the target through WhatsApp, Pegasus could secretly download itself onto their phone—even if they never answered the call.

More recently, Pegasus is reported to have exploited weaknesses in Apple's iMessage software.

That would potentially give it access to the one billion Apple iPhones currently in use—all without the owners needing to even click a button. more

Former Police Officer Jailed for Threats to Release Compromising Images

Australia - A former Portuguese police officer who installed covert cameras in his ex-partner's home and threatened to share compromising photos of her has been sentenced to four years in jail in a Brisbane court...

Prosecutor Alexandra Baker said the man, who had been a police officer in Portugal for 12 years, installed cameras covertly in his ex-partner's home and monitored her through spyware on her phone.

Ms Baker said the cameras made more than 4,500 recordings, including some of the woman in states of undress, and Marques Malagueta had threatened to release sensitive images...

The court heard Marques Malagueta was likely to be deported. more

Will Working from Home Increase Business Espionage Opportunities

I received a question today about inductive coupling; gleaning computer data leaked on to power lines (aka, mains) from keyboards, screens, etc. The person mentioned this was possible if the residences shared the same power transformer.

"So, does the increase in work-from-home offices these days increase the business espionage threat?"

Interesting question. Got me thinking.

I replied...
You're correct about sharing a transformer. Information can be induced onto the mains and intercepted on that side of the circuit. Several floors in an apartment building and usually 3-4 homes in a residential neighborhood can share one transformer.

But, let's think this through...
Back before we all became computerized the mains lines were relatively noise-free. Carrier-current bugs and wireless intercoms worked quite well for transmitting audio. These days, the noise level is a digital cacophony, created by everyone who shares the circuit.

The very low signal level a keyboard might contribute would be difficult to hear. Segregating the signal from other digital noise would also be a challenge. With diligence and the right instrumentation deciphering this digital data is doable. It would not be a nosy neighbor doing this. If you got that far, you're probably a government and the home worker has a bigger than average problem.

Realistically speaking...
A fairly static group of mains users also reduces risk. Your neighbors aren't deep cover spies who have waited years for the chance you might be forced to work from home. Moving into a neighborhood or apartment building with spying intentions is possible, but not easy to do on a moments notice. There are easier ways to obtain even more information, with a lot less work, and greater chance of success.

Worry about these things...
The weak links in a home office are: the computer, wireless keyboards, Wi-Fi, and internet modems. Current versions of wireless keyboards use Bluetooth (30 foot range) with some pretty good security features. As for date leaking onto the mains... Most smart people use a UPS battery backup with filtering for their computers, so no problem there. For anyone without a UPS getting one is a very worthwhile recommendation for multiple reasons.

Threats the average home office faces...

• shared cable internet, 
• Wi-Fi signal hacking, 
• spyware viruses (data, audio and video compromise), 
• Wi-Fi connected printer intercepts, 
• information phishing scams, 
• and none of the usual enterprise type protections. 

Attacks can be instituted by anybody, some staged from anywhere. Being on one side of a transformer isn't necessary. No need to tap the mains.

Imagine this...

• Step #1: The spy purchases a USB Rubber Ducky (to crack into the computer) and an o.mg cable (to crack into the smartphone). Total cost: <$200.00.
• Step #2: Spy plops these into an old Amazon box and mails it to "the mark."
• Step #3: Mark goes, "Wow, cool. I didn't order this. Amazon must have screwed up. Not worth sending back. I'll keep it."
• Step #4: Mark plugs this windfall into his computer and phone.
• Step #5: Gotcha! 

Think this isn't already happening? Think again. The USB Rubber Ducky is now on backorder.

Your company needs to have a technical security consultant on retainer—because there is more to know.

Spying - That's WhatsApp

WhatsApp users are being urged to update their apps, after it emerged that hackers are exploiting a software flaw to wiretap people's phones.

The flaw reportedly allows attackers to install malicious code, known as "spyware", on iPhones and Android phones by ringing up the target device. ​

The code can be transmitted even if the user does not answer the phone and a log of the call often disappears, the Financial Times reported. more

Not sure if WhatsApp is spying on your Android phone? Check here.

The War Against Smartphone Spyware is On

Eva Galperin says she's learned the signs: the survivors of domestic abuse who come to her describing how their tormentors seem to know everyone they've called, texted, and even what they discussed in their most private conversations...

Galperin has a plan to end that scourge for good—or at least take a serious bite out of the industry.

In a talk she is scheduled to give next week at the Kaspersky Security Analyst Summit in Singapore, Galperin will lay out a list of demands:

• First, she's calling on the antivirus industry to finally take the threat of stalkerware seriously, after years of negligence and inaction. 
• She'll also ask Apple to take measures to protect iPhone users from stalkerware, given that the company doesn't allow antivirus apps into its App Store. 
• Finally, and perhaps most drastically, she says she'll call on state and federal officials to use their prosecutorial powers to indict executives of stalkerware-selling companies on hacking charges.

"It would be nice to see some of these companies shut down," she says. "It would be nice to see some people go to jail." more

Check here if you need a solution for checking your Android phone for spyware.

Judge Nails Husband for Spyware and Eavesdropping on Wife's Calls ...with her attorney ...twice!

A federal judge has levied sanctions on a tobacco heiress’ estranged husband for destroying evidence related to spyware that he secretly installed on his wife’s phone and used to listen in on her calls, including conversations she had with her attorney. 

It was the second time that a judge has hit Crocker Coulson, who is locked in a bitter divorce with Anne Resnik in state court, with spoliation sanctions for destroying evidence of bugging Resnik’s phone. more

Last year...
A man locked in bitter divorce proceedings with a tobacco heiress was caught bugging his wife’s phone and listening in to her conversations with her attorney, an infraction that a Brooklyn judge said should cost him any claim on the family’s wealth. more

Infographic - Check Your Phone for Spies

There is a lot which can be done to check your phone for spyware. 
Everything from following instructions in a book to a full forensic inspection.

In the meantime, you can start with this...

You can find a slightly larger version here.

Your Mobile Device Could Spill Its Guts (and worse) Get You Arrested

Last year, over 29,000 travelers had their devices searched at the US border.

A new report by the Department of Homeland Security’s internal watchdog has concluded that the agency does not always adequately delete data seized as part of a border search of electronic devices, among other concerns.

According to a new 24-page document released Tuesday by DHS’ Office of Inspector General, investigators found that some USB sticks, containing data copied from electronic devices searched at the border, "had not been deleted after the searches were completed."...

Federal authorities do not need a warrant to examine a phone or a computer seized at the border. They rely on what’s known as the "border doctrine"—the legal idea that warrants are not required to conduct a search at the border. This legal theory has been generally recognized by courts... more

Spybuster Tip #841: Device searches occur (even more often) when entering (or leaving) certain foreign countries. If you need to take your mobile device on a trip you should consider doing a data extraction on your device, before you leave... and before they do it for you.

1. To be sure you are not carrying data that you can't afford to loose.
2. To be sure you are not carrying contraband data (porn, propaganda, etc.).
   Remember, even erased data can be exhumed by them.
3. To document the actually data you are taking—to counter false accusations.

Learn more here. Upon returning a spyware detection inspection is also recommended.

Flashback: "Green You're Clean - Red You're Dead"

Detecting landline telephone taps was never as easy as this, but that didn't stop the hucksters and their magazine ads. Over thirty years ago, they preyed on people seeking cheap magic bullets to protect their privacy. Here are some of these bullets.

Most of these devices will tell you if someone picks up an extension phone (assuming basic phone service). Decently constructed wiretaps remain invisible, however.

One of these devices is totally bogus. (I tested and dissected it.)

The Technical Surveillance Countermeasures (TSCM) hucksters are still out there, these days with "professional looking" websites and even more blinky light gadgets.

Need a reality check, or second opinion, before you buy?
Ask away!

                       

Some of these gadgets date back to the 1970's. Some are still being sold today!

       

Detecting smartphone spyware is another story.

 

Thanks for viewing this collection of anti-eavesdropping mental band-aids.

  

Smartphone Spying – All They Need is Your Number and You're Pegged

When an Israeli entrepreneur went into a meeting with the infamous spyware vendor NSO, company representatives asked him if it would be OK for them to demo their powerful and expensive spying software, known as Pegasus, on his own phone.

The entrepreneur, who spoke to Motherboard on condition of anonymity because he was not authorized to talk about the meeting, agreed, but said that NSO would have to target his other iPhone, which he brought with him and had a foreign phone number. He gave NSO that phone number and put the phone on the desk.

After “five or seven minutes,” the contents of his phone’s screen appeared on a large display that was set up in the meeting room, all without him even clicking on a malicious link, he said.

“I see clicking on all kinds of icons: email icon, SMS icon, and other icons,” he told Motherboard. “And suddenly I saw all my messages in there and I saw all the email in there and they were capable to open any information that was on my [iPhone].”

The entrepreneur added that the NSO representatives accessed the microphone and the camera on his iPhone. That demonstration highlighted the power of an increasingly popular product among governments: software for remotely hacking phones in order to access communications and other data from targets. more

UPDATE
Pegasus malware officially a global brand.

NSO Group's Pegasus surveillanceware has been on the market for around two years, and now researchers say the spyware has a global reach that would make most multinational corporations jealous.

CitizenLab reports that its latest analysis of the malware has found it operating in some 45 countries, usually in the hands of governments looking to keep tabs on its citizens. more