Security Affairs

NOVEMBER 1, 2024

New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024. The updated iOS version (7.9.0)

Spyware 98

Spyware Media Malware Hacking 98

SecureList

NOVEMBER 28, 2024

This is our latest roundup, covering activity we observed during Q3 2024. Earlier in 2024, a secure USB drive was found to be compromised and malicious code was injected into the access management software installed on the USB drive. After that, we did not observe any new activity related to this actor until mid-July 2024.

Malware 117

Malware Government Software Spyware 117

Security Affairs

MARCH 13, 2025

North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. Lookout researchers attributed the spyware to the ScarCruft group with medium confidence. The most recent samples detected by the cybersecurity firm are dated March 2024.

Spyware 79

Spyware Surveillance Encryption Malware 79

Malwarebytes

OCTOBER 30, 2024

Previous Chrome vulnerabilities reported by Apple turned out to be exploited by a commercial spyware vendor. Technical details One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024.

Spyware 143

Spyware Architecture Advertising Engineering 143

Security Affairs

APRIL 8, 2025

In March 2025, WhatsApp addressed a zero-click, zero-day vulnerability exploited to install Paragons Graphite spyware on the devices of targeted individuals. WhatsApp blocked a spyware campaign by Paragon targeting journalists and civil society members after reports of the Citizen Lab group from the University of Toronto.

Spyware 116

Spyware Media Hacking Surveillance 116

The Hacker News

JANUARY 31, 2025

Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.

Spyware 145

Spyware Encryption 145

The Hacker News

AUGUST 6, 2024

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021.

Spyware 142

Spyware Malware Cybersecurity 142

Security Affairs

OCTOBER 22, 2024

Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. Samsung addressed the vulnerability with the release of security updates in October 2024 “A Use-After-Free in the mobile processor leads to privilege escalation.”

Firmware 145

Firmware Mobile Spyware Media 145

Security Affairs

FEBRUARY 15, 2025

However, the circumstance that the Citizen Lab researchers discovered the attack suggests that the threat actor may have used a zero-day exploit to deliver commercial spyware in highly targeted attacks. Such kinds of attacks often rely on zero-day exploits to target journalists, dissidents, and opposition politicians with spyware.

Spyware 108

Spyware DDOS Hacking Authentication 108

SecureList

MAY 15, 2025

The percentage of ICS computers on which malicious objects were blocked remained unchanged from Q4 2024 at 21.9%. Compared to Q1 2024, the figure decreased by 2.5 The main categories of threats spreading via email are malicious documents, spyware, malicious scripts and phishing pages.

Spyware 92

Spyware Phishing Internet Internet 92

Malwarebytes

OCTOBER 18, 2024

The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).

Adware 145

Adware Spyware Mobile Technology 145

Malwarebytes

APRIL 8, 2025

Technical details The zero-days are both located in the kernel: CVE-2024-53150 : an out-of-bounds flaw in the USB sub-component of the Linux Kernel that could result in information disclosure. CVE-2024-53197 : a privilege escalation flaw in the USB audio sub-component of the Linux Kernel. Again, no user interaction is required.

Spyware 121

Spyware Software Mobile Risk 121

Security Affairs

NOVEMBER 20, 2024

Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild. “Processing maliciously crafted web content may lead to a cross site scripting attack. ” reads the advisory.

Spyware 115

Spyware Hacking 115

Malwarebytes

FEBRUARY 3, 2025

WhatsApp has accused the professional spyware company Paragon of spying on a select group of users. WhatsApp, the Meta-owned, end-to-end encrypted messaging platform, said it has reliable information that nearly 100 journalists and other members of civil society were targets of a spyware campaign conducted by the Israeli spyware company.

Spyware 114

Spyware Accountability Encryption Government 114

Security Affairs

AUGUST 7, 2024

A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. This AES key is then encrypted using a hardcoded public RSA key embedded in the spyware.

Spyware 143

Spyware Malware Encryption Data collection 143

Malwarebytes

JULY 12, 2024

In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks. At the time it warned users in 92 countries.

Spyware 142

Spyware Mobile Technology Passwords 142

Malwarebytes

MARCH 5, 2025

The CVEs assigned to the two zero-days are: CVE-2024-43093 : A possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. Google confirms that CVE-2024-43093 has been under limited, targeted exploitation. Exploitation of this vulnerability requires user interaction.

Spyware 127

Spyware Mobile Software Risk 127

Security Affairs

JANUARY 27, 2025

Usually, such kinds of vulnerabilities are exploited by nation-state actors or commercial surveillance spyware vendors in targeted attacks. In 2024, Apple addressed six zero-day vulnerabilities in its products. As usual, the company did not share details regarding the attacks exploiting the flaw.

Spyware 120

Spyware Surveillance Media Hacking 120

The Hacker News

SEPTEMBER 22, 2023

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023.

Spyware 145

Spyware 145

Security Affairs

DECEMBER 27, 2024

Palo Alto Networks addressed a high-severity flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), in PAN-OS software that could cause a denial-of-service (DoS) condition. reached the end of life (EOL) on November 17, 2024, for this reason, it will not provide a fix for this release. The company noted that PAN-OS 11.0

DNS 114

DNS Firewall Spyware Software 114

Security Affairs

MAY 30, 2024

Researchers spotted a macOS version of the LightSpy surveillance framework that has been active in the wild since at least January 2024. Researchers from ThreatFabric discovered a macOS version of the LightSpy spyware that has been active in the wild since at least January 2024.

Spyware 138

Spyware Malware Surveillance Mobile 138

Tech Republic Security

SEPTEMBER 3, 2024

Bitdefender GravityZone is best overall when it comes to our top choices for protection from malware like viruses, spyware, trojans, and bots.

Antivirus 182

Antivirus Spyware Software Malware 182

Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Spyware 128

Spyware Malware Mobile Marketing 128

Security Affairs

DECEMBER 8, 2024

warn of PRC-linked cyber espionage targeting telecom networks U.S. Hackers stole millions of dollars from Uganda Central Bank International Press Newsletter Cybercrime INTERPOL financial crime operation makes record 5,500 arrests, seizures worth over USD 400 million Hackers Stole $1.49

Artificial Intelligence 103

Artificial Intelligence Spyware Hacking Ransomware 103

Malwarebytes

APRIL 11, 2025

The US State Department reportedly plans to sign an international agreement designed to govern the use of commercial spyware known as the Pall Mall Pact. The Pall Mall Pact, formally known as the Pall Mall Process, was initiated by France and the United Kingdom in February 2024.

Spyware 82

Spyware Surveillance Government VPN 82

SecureList

MAY 27, 2024

Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 In the first quarter of 2024, the percentage of ICS computers on which threats from various sources were blocked decreased for every major source. in Africa to 11.5%

Spyware 127

Spyware Malware Internet Internet 127

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 110

Cryptocurrency Hacking Phishing Cyber Attacks 110

Security Affairs

NOVEMBER 19, 2024

DEEPPOST is a post-exploitation data exfiltration tool used to send files to a remote system and LIGHTSPY is a modular spyware. Volexity reported this vulnerability to Fortinet on July 18, 2024, and Fortinet acknowledged the issue on July 24, 2024.” ” reads the advisory.

VPN 119

VPN Malware Spyware Passwords 119

Security Affairs

MARCH 3, 2025

Amnesty International first found traces of this Cellebrite USB exploit used in a separate case in mid-2024.” ” In 2024, the Security Lab provided evidence of a Cellebrite zero-day exploit chain to industry partners, leading Google to identify three vulnerabilities. .”

Hacking 69

Hacking Spyware Technology Surveillance 69

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. citizenlab in coordination with @Google ’s TAG team found that former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s #Predator #spyware through links sent via SMS and WhatsApp.

Spyware 129

Spyware Surveillance Mobile Hacking 129

Security Affairs

APRIL 16, 2025

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping.

Malware 129

Malware Manufacturing Mobile Spyware 129

SecureList

SEPTEMBER 26, 2024

Statistics across all threats In the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp compared to the first quarter of 2024); Malicious scripts and phishing pages (JS and HTML) – 5.69% (-0.15 pp from the previous quarter to 23.5%. The percentage has decreased by 3.3

Spyware 110

Spyware Malware Ransomware Internet 110

Security Affairs

NOVEMBER 17, 2024

CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices China-linked threat actors compromised multiple telecos and spied on a limited number of U.S.

Cryptocurrency 112

Cryptocurrency Malware Hacking Ransomware 112

Security Affairs

FEBRUARY 2, 2025

ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling MintsLoader: StealC and BOINC Delivery Cloud Ransomware Developments | The Risks of Customer-Managed Keys New TorNet backdoor seen in widespread campaign Active Exploitation: New Aquabot Variant Phones Home How we kept the Google Play & Android app ecosystems safe in 2024 Solana (..)

Malware 74

Malware Spyware Ransomware Hacking 74

SecureList

SEPTEMBER 3, 2024

Quarterly figures In Q2 2024: Kaspersky solutions blocked over 664 million attacks from various internet sources. Ransomware Quarterly trends and highlights Law enforcement successes In April 2024, a criminal who developed a packer that was allegedly used by the Conti and Lockbit groups to evade antivirus detection was arrested in Kyiv.

Mobile 112

Mobile Antivirus Adware Ransomware 112

Security Affairs

DECEMBER 8, 2024

SmokeLoader Attack Targets Companies in Taiwan LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT DroidBot: Insights from a new Turkish MaaS fraud operation RedLine, A License to Steal: The Rudometov Story & Operation Magnus Unveiling RevC2 and Venom Loader Ultralytics (..)

Malware 70

Malware Spyware Phishing Hacking 70

Security Affairs

APRIL 13, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by Chinas APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack (..)

Malware 74

Malware Spyware Government Mobile 74