Information Security, Malware and Surveillance

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Security Affairs

DECEMBER 12, 2024

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout. Researchers at the Lookout Threat Lab discovered a surveillance tool, dubbed EagleMsgSpy, used by Chinese law enforcement to spy on mobile devices. ” reads the report published by Lookout.

Surveillance

Surveillance Mobile Spyware Malware

New PumaBot targets Linux IoT surveillance devices

Security Affairs

MAY 28, 2025

PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. ” states the report.

Surveillance

Surveillance IoT Malware Manufacturing

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. Then he requested help from Amnesty Internationals Security Lab fearing to be the target of surveillance software like other journalists in Serbia. Development traces back to at least 2018.

Spyware

Spyware Surveillance Technology Mobile

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. NSOs witnesses have refused to answer whether it developed further WhatsApp-based Malware Vectors thereafter.

Spyware

Spyware Surveillance Software Hacking

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports

Security Affairs

AUGUST 6, 2022

Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance malware. The head of the Greek intelligence told a parliamentary committee that they had spied on a journalist with surveillance malware , Reuters reported citing two sources present.

Surveillance

Surveillance Malware Spyware Government

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Security Affairs

NOVEMBER 16, 2024

Court filing revealed that NSO Group used WhatsApp exploits after the instant messaging firm sued the surveillance company. NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm. ” reads a court filing.

Spyware

Spyware Surveillance Malware Hacking

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). reads the court document.

Spyware

Spyware Hacking Surveillance Malware

US NCSC and DoS share best practices against surveillance tools

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 25

Security Affairs

DECEMBER 22, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Spyware Surveillance Cybercrime

Google updates policies to ban any ads for surveillance solutions and services

Security Affairs

JULY 12, 2020

Google announced that starting from August it will update its policies to reject ads proposed by organizations offering surveillance software. The move aims at fighting the advertising of any form of surveillance. The tech giant announced that the update will be effective starting from August 11, 2020. Pierluigi Paganini.

Surveillance

Surveillance Spyware Advertising Marketing

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

White hat hackers gained access more than 150,000 surveillance cameras

Security Affairs

MARCH 10, 2021

A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies like Tesla and Equinox. A group of US hackers claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations.

Surveillance

Surveillance Hacking Banking Firmware

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Earlier this month, German authorities have raided the offices of FinFisher, the German surveillance software firm, accused of providing its software to oppressive regimes. The post German authorities raid the offices of the FinFisher surveillance firm appeared first on Security Affairs. Pierluigi Paganini.

Surveillance

Surveillance Spyware Advertising Software

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Security Affairs

FEBRUARY 8, 2021

Iran-linked APT group Domestic Kitten, also tracked as APT-C-50, has been conducting widespread surveillance targeting over 1,000 individuals. Both groups have conducted long-running cyber-attacks and intrusive surveillance campaigns, which target both individuals’ mobile devices and personal computers.”

Surveillance

Surveillance Mobile Malware Cyber Attacks

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies. Pierluigi Paganini.

Surveillance

Surveillance Spyware Mobile Hacking

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

According to rumors, the Polish special services are using surveillance software to spy on government opponents. In June 2022, the controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least five countries in the region.

Spyware

Spyware Government Surveillance Hacking

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). continues the report.

Surveillance

Surveillance Malware Spyware Accountability

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The group targets entities in Europe and Central America with a surveillance tool dubbed Subzero. SecurityAffairs – hacking, Subzero malware). ” concludes Microsoft. Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication Accountability

Is the Belarusian government behind the surveillance Android app banned by Google?

Security Affairs

SEPTEMBER 3, 2020

According to an anonymous Belarusian security researcher the app was designed for surveillance purposes, it collects info on the device owner and geolocation data, then periodically sends the data back to a remote server. The post Is the Belarusian government behind the surveillance Android app banned by Google?

Surveillance

Surveillance Government Advertising Malware

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Security Affairs

MARCH 13, 2025

North Korea-linked threat actor ScarCruft (aka APT37 , Reaper, and Group123) is behind a previously undetected Android surveillance tool namedKoSpythat was used to target Korean and English-speaking users. The researchers state that the threat is a relatively new malware family with early samples going back to March 2022.

Spyware

Spyware Surveillance Encryption Malware

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Spyware

Spyware Surveillance Telecommunications Mobile

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

The IT giant fears that the disclosures of its threat intelligence related to commercial spyware operations could aid NSO and other surveillance firms. “Apple’s teams work tirelessly to protect the critical threat-intelligence information that Apple uses to protect its users worldwide. ” reads the court filing.

Surveillance

Surveillance Spyware Risk Hacking

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

Apple fixed the first actively exploited zero-day of 2025

Security Affairs

JANUARY 27, 2025

Usually, such kinds of vulnerabilities are exploited by nation-state actors or commercial surveillance spyware vendors in targeted attacks. Customers are recommended to install the security updates released by the company. As usual, the company did not share details regarding the attacks exploiting the flaw.

Spyware

Spyware Surveillance Media Hacking

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. The report did not attribute the attacks to a specific threat actor or did not reveal what information was obtained following the compromise of the victims’ devices. .”

Surveillance

Surveillance Software Spyware Hacking

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Security Affairs

FEBRUARY 26, 2025

The malware also grants attackers access to the devices system, enabling them to retrieve user KeyChain data, device lists, and execute shell commands, potentially gaining full control over the device. . Additionally, the list references “Enigma,” which may correspond to the secure messaging platform of the same name.”

Data collection

Data collection Spyware Media Surveillance

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

Security Affairs

MAY 20, 2019

Amnesty International filed a lawsuit against Israeli surveillance firm NSO and fears its staff may be targeted by the company with its Pegasus spyware. The name NSO Group made the headlines last week after the disclosure of the WhatsApp flaw exploited by the company to remotely install its surveillance software.

Surveillance

Surveillance Spyware Software Government

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream.

Surveillance

Surveillance Spyware Government Hacking

European Data Protection Supervisor call for bans on surveillance spyware like Pegasus

Security Affairs

FEBRUARY 17, 2022

The European Data Protection Supervisor (EDPS) authority this week called for a ban on the development and the use of surveillance software like the Pegasus spyware in the EU. Pegasus was used by governments with dubious human rights records and histories of abusive behaviour by their state security services. ” continues EDPS.

Surveillance

Surveillance Spyware Government Software

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

Security Affairs

APRIL 8, 2025

In February, Meta announced that it had discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). The company confirmed that the issue was fixed in December 2024 without a client-side update, and no CVE-ID was assigned.

Spyware

Spyware Media Hacking Surveillance

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Security Affairs

APRIL 12, 2023

At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. ” concludes Citizen Lab.

Spyware

Spyware Surveillance Malware Government

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. Pierluigi Paganini.

Malware

Malware Surveillance Phishing Government

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

Security Affairs

DECEMBER 12, 2024

Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. These are the first known mobile malware families linked to the Russian APT. These findings tie the mobile surveillance families to Gamaredons desktop campaigns. PlainGnome uses a two-stage deployment.

Mobile

Mobile Malware Surveillance Social Engineering

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. Bazar is a lesser known spelling of Bazaar.” List of installed packages.

Surveillance

Surveillance Spyware Malware Mobile

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

. — Operation Zero (@opzero_en) March 20, 2025 A zero-day broker like Operation Zero might be willing to pay millions for Telegram exploits for several reasons, including: Government and Intelligence Demand Telegram is widely used for secure communication, including by journalists, activists, dissidents, and political figures.

Government

Government Surveillance Mobile Hacking

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Security Affairs

MARCH 29, 2025

“This report explores the features of Crocodilus, its links to known threat actors, and how it lures victims into helping the malware steal their own credentials.” ” The new threat mimics modern banking malware, using overlay attacks, keylogging, and remote access. ” ThreatFabric concludes.

Banking

Banking Mobile Identity Theft Malware

UAE government denies using ToTok for mass surveillance

Security Affairs

DECEMBER 30, 2019

The United Arab Emirates denied reports that the popular mobile app ToTok was used as part of a government massive surveillance program. According to a report recently published by the New York Times , the popular app ToTok was used by the UAE government as a surveillance tool. SecurityAffairs – ToTok, surveillance).

Surveillance

Surveillance Government Telecommunications Advertising

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

Security Affairs

APRIL 17, 2023

The Israeli surveillance firm QuaDream is allegedly shutting down its operations after Citizen Lab and Microsoft uncovered their spyware. Last week Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. and 14.4.2,

Surveillance

Surveillance Spyware Education Media

Russian national indicted for attempting to recruit Tesla employee to install malware

Security Affairs

SEPTEMBER 7, 2020

US authorities have indicted a Russian national for conspiring to recruit a Tesla employee to install malware onto the company’s infrastructure. Russian national Egor Igorevich Kriuchkov (27) has been indicted in the United States for conspiring to recruit a Tesla employee to install malware onto the company’s network.

Malware

Malware Advertising Surveillance Hacking

Russia’s FSB used spyware against a Russian programmer

Security Affairs

DECEMBER 7, 2024

The Federal Security Service (FSB) used spyware to monitor a Russian programmer, Kirill Parubets, after he was detained earlier this year for allegedly donating to Ukraine. These extended capabilities suggest that the malware aims for comprehensive surveillance of the target device. ” continues the report.

Spyware

Spyware Passwords Encryption Surveillance

Russian National pleads guilty to conspiracy to plant malware on Tesla systems

Security Affairs

MARCH 19, 2021

The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. Justice Department announced on Thursday that the Russian national Egor Igorevich Kriuchkov (27), who attempted to convince a Tesla employee to install malware on the company’s computers, has pleaded guilty.

Malware

Malware Surveillance Hacking Technology

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages.

Malware

Malware Phishing Surveillance Internet

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. He declined to comment on the particulars of the extortion incident. ”

Hacking

Hacking Ransomware Banking Accountability

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant. from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Software Architecture

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

New PumaBot targets Linux IoT surveillance devices

Trending Sources

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports

NSO Group used WhatsApp exploits even after Meta-owned company sued it

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

US NCSC and DoS share best practices against surveillance tools

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 25

Google updates policies to ban any ads for surveillance solutions and services

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

White hat hackers gained access more than 150,000 surveillance cameras

German authorities raid the offices of the FinFisher surveillance firm

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Poland probes Pegasus spyware abuse under the PiS government

Iranian govt uses BouldSpy Android malware for internal surveillance operations

European firm DSIRF behind the attacks with Subzero surveillance malware

Is the Belarusian government behind the surveillance Android app banned by Google?

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Apple fixed the first actively exploited zero-day of 2025

EU officials were targeted with Israeli surveillance software

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

Israeli surveillance firm QuaDream emerges from the dark

European Data Protection Supervisor call for bans on surveillance spyware like Pegasus

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

UAE government denies using ToTok for mass surveillance

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

Russian national indicted for attempting to recruit Tesla employee to install malware

Russia’s FSB used spyware against a Russian programmer

Russian National pleads guilty to conspiracy to plant malware on Tesla systems

APT28 targets key networks in Europe with HeadLace malware

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Stay Connected