Data collection and Spyware - Cyber Security Informer

Data collection

Spyware

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Spyware

Spyware Mobile Advertising Software

China-Linked Apps Pose Threat to Google Play Store Users

SecureWorld News

JULY 10, 2023

The Google Play Store, a widely-trusted source for Android applications, has recently become a battleground for a concerning wave of spyware with ties to China. Operating under the radar, these apps silently collect and transmit sensitive data to servers based in China, posing significant risks to user data security and privacy.

Spyware

Spyware Cyber threats Mobile Data collection

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Baidu Android apps removed from Play Store because caught collecting user details

Security Affairs

NOVEMBER 24, 2020

The two apps were discovered by Palo Alto Networks, which identify them, along with other apps leaking data, using a machine learning (ML)-based spyware detection system. The data collection code was found in the Baidu Push SDK, used to show real-time notifications inside both apps.

Data collection

Data collection Mobile Spyware Surveillance

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

TheTruthSpy stalkerware, still insecure, still leaking data

Malwarebytes

FEBRUARY 13, 2024

In 2022, tech publication TechCrunch discovered that TheTruthSpy and other spyware apps share a common Insecure Direct Object Reference (IDOR) vulnerability, CVE-2022-0732. The publications described the bug as “extremely easy to exploit, and grants unfettered remote access to all of the data collected from a victim’s Android device.”

Spyware

Spyware Data collection Malware Hacking

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Every third email, meanwhile, contained spyware , which is used by threat actors to steal payment data or other sensitive info to then put it on sale in the darknet or blackmail its owner. Ransomware operators have focused on targeted attacks,choosing large victims with a higher payment capacity.

Phishing

Phishing Ransomware Spyware Banking

On the 20th Safer Internet Day, what was security like back in 2004?

Malwarebytes

FEBRUARY 6, 2023

Data collected by the Internet Storm Center dug into “Survival Time History”, which is “calculated as the average time between reports for an average target IP address. The pop up blocker in particular was a big help with the proliferation of adware and spyware plugging into advertising networks.

Internet

Internet Internet Adware Spyware

Payment data of thousands of customers of UK and US online stores could have been compromised

Security Affairs

MARCH 14, 2019

The domain name used for the sniffer’s codes storage and as a gate for stolen data collection was registered on May 7, 2018. We dubbed this JS Sniffer family GMO because the malware uses gmo[.]li li host.”. GMO can detect Firebug and Google Developer Tools, which allows the sniffer to remain undetected.

eCommerce

eCommerce Marketing Data breaches Advertising

The State of Stalkerware in 2023–2024

SecureList

MARCH 13, 2024

To calculate the statistics, data from the consumer line of Kaspersky’s mobile security solutions was reviewed according to the Coalition Against Stalkerware detection criteria. Other types of monitoring or spyware apps that fall outside of the Coalition’s definition are not included in the statistics found here.

Mobile

Mobile Passwords Surveillance Technology

Security Affairs newsletter Round 223 – News of the week

Security Affairs

JULY 21, 2019

Experts spotted a rare Linux Desktop spyware dubbed EvilGnome. Israel surveillance firm NSO group can mine data from major social media. Poland and Lithuania fear that data collected via FaceApp could be misused. Scraping the TOR for rare contents. The Problem With the Small Business Cybersecurity Assistance Act.

Small Business

Small Business Media Spyware DNS

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

Both can be used to steal user data, collect information about the corporate network, and spread additional malware, such as ransomware. Noon spyware (4.89%) moved up to second place, and Badun Trojans (4.61%) spreading as archived electronic documents moved down to third place.

Phishing

Phishing Scams Accountability Energy and Utilities

$12m Grindr fine shows GDPR’s got teeth

Malwarebytes

JANUARY 28, 2021

Data privacy, and privacy policies, are an “uncool” story for many. Yet much of the bad old days of Adware/spyware from 2005 – 2008 was dependent on bad policies and leaky data sharing. Everyone wants to see the latest hacks, or terrifying takeovers. While companies would occasionally be brought before the FTC , this was rare.

Advertising

Advertising Data privacy Adware Spyware

FinSpy: unseen findings

SecureList

SEPTEMBER 28, 2021

Kaspersky has been tracking deployments of this spyware since 2011. Based on the data collected by the Post-Validator, it is most likely that: The Post-Validator is deployed to ensure that the infected victim is the intended one. FinSpy, also known as FinFisher or Wingbird , is an infamous surveillance toolset.

Encryption

Encryption Malware Spyware Architecture

APT trends report Q2 2023

SecureList

JULY 27, 2023

Following this, we released the first of a series of additional reports describing the final payload in the infection chain: a highly sophisticated spyware implant that we dubbed “TriangleDB” Operating in memory, this implant periodically communicates with the C2 (command and control) infrastructure to receive commands.

Malware

Malware Government Phishing Social Engineering

Advanced threat predictions for 2024

SecureList

NOVEMBER 14, 2023

This politician became the target of a previously undiscovered “zero-day” attack aimed at infecting his phone with spyware. This may include automatic data collection from the victim’s online presence, such as social media posts, media comments, or authored columns: any content associated with the victim’s identity.

Hacking

Hacking Energy and Utilities Media Malware

In conversation: Bruce Schneier on AI-powered mass spying

Malwarebytes

JANUARY 29, 2024

I have access to AI tools in a way that I don’t have access to data collection regimes. There’s an entire industry of super creepy spyware that is sold to people who want to spy on their wives and girlfriends. What about people? So, are people going to spy on people? It’s more one-on-one.

Surveillance

Surveillance Government Advertising Spyware

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

China-Linked Apps Pose Threat to Google Play Store Users

Webinars

Trending Sources

Baidu Android apps removed from Play Store because caught collecting user details

Webinars

TheTruthSpy stalkerware, still insecure, still leaking data

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

On the 20th Safer Internet Day, what was security like back in 2004?

Payment data of thousands of customers of UK and US online stores could have been compromised

The State of Stalkerware in 2023–2024

Security Affairs newsletter Round 223 – News of the week

Spam and phishing in 2022

$12m Grindr fine shows GDPR’s got teeth

FinSpy: unseen findings

APT trends report Q2 2023

Advanced threat predictions for 2024

In conversation: Bruce Schneier on AI-powered mass spying

Stay Connected