Download, Hacking, Spyware and Surveillance

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The malware is able to steal sensitive data, record audio, and download arbitrary files.

Surveillance

Surveillance Spyware Malware Mobile

Pegasus spyware and how it exploited a WebP vulnerability

Malwarebytes

SEPTEMBER 27, 2023

Recent events have demonstrated very clearly just how persistent and wide-spread the Pegasus spyware is. The exploit chain based on these vulnerabilities was capable of compromising devices without any interaction from the victim and were reportedly used by the NSO Group to deliver its infamous Pegasus spyware.

Spyware

Spyware Surveillance Mobile Software

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. ” TAG concludes.

Spyware

Spyware Surveillance Risk Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg China-linked APT group APT41 has been observed using two previously undocumented Android spyware called WyrmSpy and DragonEgg. Upon installing the two spyware, they request extensive device permissions.

Spyware

Spyware Surveillance Mobile Malware

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. SecurityAffairs – hacking, RCS Labs). Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

Sophisticated Android spyware PhoneSpy infected thousands of Korean phones

Security Affairs

NOVEMBER 10, 2021

South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. Zimperium concludes.

Spyware

Spyware Mobile Social Engineering Surveillance

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). However, much of the victim data points to its broader usage, which indicates targeted surveillance efforts towards minorities within Iran.”

Surveillance

Surveillance Malware Spyware Education

Spyware Zero-Days Being Developed Commercially, Google Finds

SecureWorld News

JUNE 27, 2022

The commercial spyware industry is alive and thriving, according to a report released last week by Google's Threat Analysis Group (TAG). The report specifically details an Italian vendor, RCS Labs, and its "Hermit" surveillance malware (aka spyware) used on mobile phones. RELATED: Spyware Pariah: NSO Group Placed on U.S.

Spyware

Spyware Surveillance Mobile Government

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

OCTOBER 11, 2021

A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs. Experts believe the attackers used a spyware developed by an Indian company called Innefu Labs. In the past, the Donot Team spyware was found in attacks outside of South Asia.

Spyware

Spyware Surveillance Accountability Mobile

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

FEBRUARY 11, 2021

Lookout researchers provided details about two Android spyware families employed by an APT group tracked as Confucius. Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius. ” concludes the report.

Spyware

Spyware Surveillance Malware Mobile

Experts spotted a new advanced Android spyware posing as “System Update”

Security Affairs

MARCH 27, 2021

Researchers spotted a sophisticated Android spyware that implements exfiltration capabilities and surveillance features, including recording audio and phone calls. Experts from security firm Zimperium have spotted a new sophisticated Android spyware that masquerades itself as a System Update application. Pierluigi Paganini.

Spyware

Spyware Malware Surveillance Mobile

Kamran Spyware Targets Gilgit Baltistan Users Through Hunza News

Hackology

NOVEMBER 11, 2023

The emergence of Kamran spyware, targeting users of a regional news website, has raised concerns among cybersecurity experts. Distributed through a possible watering-hole attack on the Hunza News website , the spyware prompts users to grant permissions, allowing access to sensitive data.

Spyware

Spyware Malware Risk Mobile

APT C-23 group targets Middle East with an enhanced Android spyware variant

Security Affairs

NOVEMBER 26, 2021

A threat actor, tracked as APT C-23, is using new powerful Android spyware in attacks aimed at targets in the Middle East. The APT C-23 cyberespionage group (also known as GnatSpy, FrozenCell, or VAMP) continues to target entities in the Middle East with enhanced Android spyware masqueraded as seemingly harmless app updates (i.e.

Spyware

Spyware Social Engineering Surveillance Engineering

APT32 state hackers target human rights defenders with spyware

Security Affairs

FEBRUARY 24, 2021

The threat actors used by spyware to take over the target systems, spy on the victims, and exfiltrate data. “This unlawful surveillance violates the right to privacy and stifles freedom of expression.” The link points to files containing spyware that could infect both Mac OS or Windows systems. Pierluigi Paganini.

Spyware

Spyware Surveillance Government Phishing

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Experts from Amnesty International uncovered a surveillance campaign that targeted Egyptian civil society organizations with a new version of FinSpy spyware. The binaries are obfuscated and do some checks to detect if the spyware is running in a Virtual Machine. SecurityAffairs – hacking, FinSpy). Pierluigi Paganini.

Spyware

Spyware Surveillance Mobile Advertising

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Security Affairs

APRIL 8, 2020

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. In May, Facebook has patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device.

Surveillance

Surveillance Spyware Advertising Government

WhatsApp lawsuit against NSO Group greenlit by Supreme Court

Malwarebytes

JANUARY 11, 2023

On Monday, the US Supreme Court denied the NSO Group's petition for a writ of certiorari , a request to the high court to review its case, signaling that Meta's WhatsApp can go ahead with its case against the Israeli-based company behind the Pegasus spyware. Keep threats off your devices by downloading Malwarebytes today.

Spyware

Spyware Surveillance Government Internet

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Security Affairs

SEPTEMBER 27, 2023

The issue made the headline under another CVEs because it was actively exploited to deploy surveillance spyware, and it was tracked separately as CVE-2023-41064 and CVE-2023-4863. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CVE-2023-5129 ) The post Watch out!

Spyware

Spyware Surveillance Software Hacking

Latest iPhone exploit, FORCEDENTRY, used to launch Pegasus attack against Bahraini activists

Malwarebytes

AUGUST 26, 2021

Researchers from Citizen Lab, an academic research and development lab based in the University of Toronto in Canada, has recently discovered that an exploit affecting iMessage is being used to target Bahraini activists with the Pegasus spyware. It could also hack the iPhone 11, the latest model of that time.

Spyware

Spyware Surveillance Social Engineering Government

The Zero Click, Zero Day iMessage Attack Against Journalists

SecureWorld News

DECEMBER 23, 2020

Earlier this year, 36 journalists, producers, anchors, and executives at Al Jazeera had their personal phones hacked. Their phones were hacked through the use of an exploit chain known as KISMET, an invisible zero-click exploit in iMessage. and could hack the Apple iPhone 11. Spyware attacks becoming harder to detect.

Spyware

Spyware Surveillance Hacking Media

Domestic Kitten – An Iranian surveillance operation under the radar since 2016

Security Affairs

SEPTEMBER 9, 2018

CheckPoint uncovered an extensive surveillance operation conducted by Iranian APT actor and tracked as Domestic Kitten aimed at specific groups of individuals. ” This means that the Domestic Kitten surveillance operation had collateral victims whose details were leaked from contact lists or conversations with the targets.

Surveillance

Surveillance Mobile Advertising Spyware

Security Affairs newsletter Round 415 by Pierluigi Paganini – International edition

Security Affairs

APRIL 16, 2023

hacking tools and electronics A new round of the weekly SecurityAffairs newsletter arrived! A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Data breaches

Data breaches Spyware Retail Surveillance

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 24, 2023

0-days exploited by commercial surveillance vendor in Egypt PREDATOR IN THE WIRES OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes Cybersecurity Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

Cyber Attacks

Cyber Attacks Firewall Data breaches Telecommunications

Syria-linked APT group SEA targets Android users with COVID19 lures

Security Affairs

APRIL 17, 2020

Syrian-linked APT group SEA recently used COVID-19-themed lures as part of a long-running surveillance campaign, security researchers warn. “STE has a history of hosting infrastructure for the Syrian Electronic Army (SEA), a Syrian state-sponsored hacking group. SecurityAffairs – SEA, hacking). The experts conclude.”It

Surveillance

Surveillance Telecommunications Mobile Advertising

Baidu Android apps removed from Play Store because caught collecting user details

Security Affairs

NOVEMBER 24, 2020

The two apps were discovered by Palo Alto Networks, which identify them, along with other apps leaking data, using a machine learning (ML)-based spyware detection system. The two apps had a total of more than 6 million downloads at the time of their discovery. SecurityAffairs – hacking, Android). ” concludes the post.

Data collection

Data collection Mobile Spyware Surveillance

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches

Data breaches Malware Mobile Spyware

MoonBounce UEFI implant spotted in a targeted APT41 attack

Security Affairs

JANUARY 21, 2022

“The purpose of the implant is to facilitate the deployment of user-mode malware that stages execution of further payloads downloaded from the internet;” reads the analysis published by Kaspersky. SecurityAffairs – hacking, MoonBounce). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware

Firmware Malware Spyware Surveillance

Top 10 Malware Strains of 2021

SecureWorld News

AUGUST 8, 2022

Cybercriminals often use malware to gain access to a computer or mobile device to deploy viruses, worms, Trojans, ransomware, spyware, and rootkits. FormBook FormBook is an information stealer advertised in hacking forums. AZORult's developers are constantly updating its capabilities. Qakbot can also be used to form botnets.

Malware

Malware Banking Healthcare Penetration Testing

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Vulnerability in Medtronic insulin pumps allow hacking devices. ViceLeaker Android spyware targets users in the Middle East. China installs a surveillance app on tourists phones while crossing in the Xinjiang. Updates for Samsung, the scam app with 10M+ downloads. Is Your Browser Secure? Bangladesh Cyber Heist 2.0:

Scams

Scams Spyware DNS Advertising

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

Following this, they were tricked into downloading previously unknown malware. Upon further investigation we also discovered additional implants deployed through both ShadowPad and ShadowShredder, such as Quarian backdoor, PlugX, Poison Ivy and other hack tools. This downloader fetches additional malware from compromised C2 servers.

Malware

Malware Government Surveillance Spyware

APT trends report Q1 2021

SecureList

APRIL 27, 2021

During routine monitoring of detections for FinFisher spyware tools, we discovered traces that point to recent FinFly Web deployments. It was first publicly documented in 2014, in the aftermath of the Gamma Group hacking incident. FinFly Web is, in essence, a suite of tools and packages that implement a web-based exploitation server.

Malware

Malware Spyware Government Social Engineering

The Hacker Mind Podcast: Surviving Stalkerware

ForAllSecure

SEPTEMBER 21, 2021

The Federal Trade Commission in the United States, banned an app called SpyPhone, and its CEO Scott Zuckerman, from operating in the surveillance industry. The FTC claims that spy phones secretly harvested and shared data on people's physical movements phone news online activities through a hidden hack. So I hope you'll stick around.

Technology

Technology Software Surveillance Media

Cyber Security Informer

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Pegasus spyware and how it exploited a WebP vulnerability

Webinars

Trending Sources

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Webinars

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Sophisticated Android spyware PhoneSpy infected thousands of Korean phones

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Spyware Zero-Days Being Developed Commercially, Google Finds

Donot Team targets a Togo prominent activist with Indian-made spyware

Experts spotted two Android spyware used by Indian APT Confucius

Experts spotted a new advanced Android spyware posing as “System Update”

Kamran Spyware Targets Gilgit Baltistan Users Through Hunza News

APT C-23 group targets Middle East with an enhanced Android spyware variant

APT32 state hackers target human rights defenders with spyware

Unknown FinSpy Mac and Linux versions found in Egypt

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

WhatsApp lawsuit against NSO Group greenlit by Supreme Court

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Latest iPhone exploit, FORCEDENTRY, used to launch Pegasus attack against Bahraini activists

The Zero Click, Zero Day iMessage Attack Against Journalists

Domestic Kitten – An Iranian surveillance operation under the radar since 2016

Security Affairs newsletter Round 415 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

Syria-linked APT group SEA targets Android users with COVID19 lures

Baidu Android apps removed from Play Store because caught collecting user details

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

MoonBounce UEFI implant spotted in a targeted APT41 attack

Top 10 Malware Strains of 2021

Security Affairs newsletter Round 221 – News of the week

APT trends report Q3 2021

APT trends report Q1 2021

The Hacker Mind Podcast: Surviving Stalkerware

Stay Connected