Security Affairs

NOVEMBER 1, 2024

New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024. The updated iOS version (7.9.0) The updated iOS version (7.9.0)

Spyware 98

Spyware Media Malware Hacking 98

Security Affairs

MARCH 13, 2025

North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. Kaspersky first documented the operations of the group in 2016. Lookout researchers attributed the spyware to the ScarCruft group with medium confidence.

Spyware 80

Spyware Surveillance Encryption Malware 80

Security Affairs

APRIL 23, 2025

A new Android spyware was discovered in a fake Alpine Quest app, reportedly used by Russian soldiers for war zone planning. Doctor Web researchers uncovered a new spyware, tracked as Android.Spy.1292.origin, Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Android spyware)

Spyware 84

Spyware Software Malware Hacking 84

SecureList

MAY 15, 2025

Percentage of ICS computers on which denylisted internet resources were blocked, Jan 2022Mar 2025 Changes in the percentage of ICS computers on which initial-infection malware was blocked lead to changes in the percentage of next-stage malware. times more than in the previous quarter) and malicious documents (1.1

Spyware 88

Spyware Phishing Internet Internet 88

Security Affairs

FEBRUARY 11, 2021

Lookout researchers provided details about two Android spyware families employed by an APT group tracked as Confucius. Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius.

Spyware 144

Spyware Surveillance Malware Mobile 144

Security Affairs

FEBRUARY 24, 2021

The threat actors used by spyware to take over the target systems, spy on the victims, and exfiltrate data. ” The attack chain begins with spear-phishing messages that include a link to an alleged important document to download. The link points to files containing spyware that could infect both Mac OS or Windows systems.

Spyware 130

Spyware Government Surveillance Phishing 130

Security Affairs

AUGUST 15, 2020

A new Mac malware, tracked as XCSSET, spreads through Xcode projects and exploits two zero-day vulnerabilities, experts warn. XCSSET is a new Mac malware that spreads through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks.

Spyware 144

Spyware Malware Advertising Cryptocurrency 144

Security Affairs

JUNE 22, 2020

Researchers at Amnesty International collected evidence that a Moroccan journalist was targeted with network injection attacks using NSO Group ‘s spyware. The post Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware appeared first on Security Affairs. ” states the report.

Spyware 144

Spyware Surveillance Mobile Advertising 144

Schneier on Security

JANUARY 22, 2018

The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. Types of data stolen include documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data. The campaigns span across 21+ countries and thousands of victims.

Malware 180

Malware Spyware Manufacturing Mobile 180

Security Affairs

APRIL 16, 2024

Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy Blackberry researchers discovered a renewed cyber espionage campaign targeting South Asia with an Apple iOS spyware called LightSpy. 217:52202, which also hosts an administrator panel accessible on port 3458.

Spyware 134

Spyware Mobile Malware Encryption 134

Krebs on Security

SEPTEMBER 12, 2023

7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim. Citizen Lab says the bug it discovered was being exploited to install spyware made by the Israeli cyber surveillance company NSO Group.

Spyware 316

Spyware Software Surveillance Authentication 316

Security Affairs

MAY 23, 2022

The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox. ” In December a report published by CitizenLab, when its researchers detailed the use of the Predator Spyware against exiled politician Ayman Nour and the host of a popular news program. To nominate, please visit:?

Spyware 145

Spyware Surveillance Government Banking 145

Security Affairs

MAY 30, 2024

Researchers from ThreatFabric discovered a macOS version of the LightSpy spyware that has been active in the wild since at least January 2024. LightSpy is a modular spyware that has resurfaced after several months of inactivity, the new version supports a modular framework with extensive spying capabilities.

Spyware 138

Spyware Malware Surveillance Mobile 138

Security Affairs

APRIL 25, 2020

Facebook advocates have challenged a plea from spyware maker NSO Group to dismiss the legal dispute over the hacking accusations, arguing it has immunity from prosecution. according to court documents shared by ZdNet, Facebook linked at least 720 attacks against WhatsApp users to one single IP address. Pierluigi Paganini.

Spyware 133

Spyware Surveillance Advertising Mobile 133

Security Affairs

NOVEMBER 26, 2021

A threat actor, tracked as APT C-23, is using new powerful Android spyware in attacks aimed at targets in the Middle East. The APT C-23 cyberespionage group (also known as GnatSpy, FrozenCell, or VAMP) continues to target entities in the Middle East with enhanced Android spyware masqueraded as seemingly harmless app updates (i.e.

Spyware 121

Spyware Social Engineering Surveillance Engineering 121

SecureList

DECEMBER 27, 2024

Changes in the percentage of ICS computers on which malicious objects were blocked in selected industries Diversity of detected malicious objects In the third quarter of 2024, Kaspersky’s protection solutions blocked malware from 11,882 different malware families in various categories on industrial automation systems.

Malware 104

Malware Spyware Internet Internet 104

Security Affairs

JULY 19, 2022

Researchers spotted previously undocumented spyware, dubbed CloudMensis, that targets the Apple macOS systems. The malware was designed to spy on the target systems, exfiltrate documents, acquire keystrokes, and screen captures. Experts have yet to determine how the victims are initially compromised by this spyware.

Spyware 98

Spyware Malware Authentication Architecture 98

Security Affairs

DECEMBER 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware.

Malware 134

Malware Phishing Spyware Cyber threats 134

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Spyware 106

Spyware Surveillance Telecommunications Mobile 106

We Live Security

JULY 19, 2022

Previously unknown macOS malware uses cloud storage as its C&C channel and to exfiltrate documents, keystrokes, and screen captures from compromised Macs. The post I see what you did there: A look at the CloudMensis macOS spyware appeared first on WeLiveSecurity.

Spyware 103

Spyware Malware 103

Security Affairs

OCTOBER 19, 2020

Researchers spotted new variants of the Windows GravityRAT spyware that now can also infect Android and macOS devices. Researchers from Kaspersky Lab have spotted new variants of the GravityRAT malware that now can be also used to infect Android and macOS devices. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware 139

Malware Computers and Electronics Spyware Advertising 139

Security Affairs

MARCH 30, 2019

Security researchers have found a new government spyware, tracked as Exodus, that was distributed through the Google Play Store. The malware was tracked as Exodus, after the name of the command and control servers the malicious apps connected to.

Government 111

Government Malware Spyware Surveillance 111

Security Affairs

AUGUST 21, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing attacks, carried out by the Vermin group, distributing a malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign conducted by the Vermin group that distributed malware.

Malware 130

Malware Spyware Phishing Cyber threats 130

Malwarebytes

APRIL 11, 2022

A credential-stealing Windows-based malware, Spyware.FFDroider , is after social media credentials and cookies, according to researchers at ThreatLabz. The spyware is offered on download sites pretending to be installers for freeware and cracked versions of paid software. The version analyzed by the researchers was packed with Aspack.

Media 145

Media Malware Spyware Accountability 145

Security Affairs

JULY 21, 2021

Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. Thus, a “Malware-as-a-Service” scheme is used. ” continues the report.

Spyware 114

Spyware Malware Cybercrime Advertising 114

SecureList

NOVEMBER 28, 2024

We also found Cobalt Strike beacons and several traces tying this actor to the ShadowPad malware and UNC2643 activity, which is in turn associated with the HAFNIUM threat actor. Epeius is a commercial spyware tool developed by an Italian company that claims to provide intelligence solutions to law enforcement agencies and governments.

Malware 118

Malware Government Software Spyware 118

Security Affairs

AUGUST 24, 2021

Citizen Lab uncovered a new zero-click iMessage exploit that was used to deploy the NSO Group’s Pegasus spyware on devices belonging to Bahraini activists. Researchers from Citizen Lab spotted a zero-click iMessage exploit that was used to deploy NSO Group’s Pegasus spyware on Bahraini activists’ devices.

Spyware 98

Spyware Surveillance Hacking Mobile 98

Security Affairs

OCTOBER 11, 2021

A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs. Experts believe the attackers used a spyware developed by an Indian company called Innefu Labs. In the past, the Donot Team spyware was found in attacks outside of South Asia. Pierluigi Paganini.

Spyware 102

Spyware Surveillance Accountability Mobile 102

Malwarebytes

JUNE 28, 2024

Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to virtually all data on a user’s cellphone.” He called Temu “functionally malware and spyware,” adding that the app was “purposefully designed to gain unrestricted access to a user’s phone operating system.”

Malware 145

Malware Manufacturing Spyware Mobile 145

SecureList

FEBRUARY 5, 2025

In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Malware 142

Malware Encryption Mobile Cryptocurrency 142

Security Affairs

DECEMBER 12, 2024

The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from open directories on attacker infrastructure. These documents suggest the existence of an iOS conversion of the spyware that has yet to be uncovered. Ltd. () used by public security bureaus in mainland China.

Surveillance 66

Surveillance Mobile Spyware Malware 66

SecureList

DECEMBER 5, 2024

We in the Global Research and Analysis Team do the same – and over the years we have developed our own IDA plugin named hrtng that is specifically designed to aid us with malware reverse engineering. To do that, we will analyze a component of the FinSpy malware , a sophisticated commercial spyware program for multiple platforms.

Engineering 134

Engineering Malware Spyware Encryption 134

Security Affairs

NOVEMBER 2, 2020

North Korea-linked APT group Kimsuky was recently spotted using a new piece of malware in attacks on government agencies and human rights activists. The new malware appears to have been developed recently, but threat actors might have used Backdating, or timestomping to thwart analysis attempts (anti-forensics).

Malware 135

Malware Advertising Spyware Government 135

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). continues the report.

Surveillance 98

Surveillance Malware Spyware Accountability 98

SecureList

SEPTEMBER 8, 2022

Among global regions, Africa ranked highest based on the percentage of ICS computers on which malware was blocked when removable media was connected. Regions ranked by percentage of ICS computers on which malware was blocked when removable media was connected, H1 2022. Diversity of malware. Malicious documents.

Spyware 126

Spyware Cryptocurrency Phishing Ransomware 126

Security Affairs

AUGUST 21, 2022

The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework. In the past, the Donot Team spyware was found in attacks outside of South Asia. In the latest attacks, the group sent messages using RTF documents that trick users into enabling macros. ” continues the report.

Malware 100

Malware Spyware Phishing Government 100

CSO Magazine

MARCH 24, 2022

A new email campaign designed to spread the Vidar spyware package uses a novel technique involving Microsoft Compiled HTML help files, according to a blog post released today by Trustwave. The help files, which use the suffix “CHM,” are packaged in an ISO along with the Vidar payload in what appears to be a Word document.

Spyware 106

Spyware Malware 106