October 16, 2023 at 06:30AM
Messaging app Signal denies the existence of a zero-day flaw in its software, stating that it found no evidence to support the claim. The company has checked with the U.S. government and is urging users with legitimate information to report it. As a precaution, users have been advised to disable link previews in the app. Additionally, zero-day exploits in messaging apps like WhatsApp are being sold to nation-state threat actors for millions of dollars. Spyware attacks using Predator malware have targeted individuals and institutions, with infections managed through a web-based system called the “Cyber Operation Platform.” Commercial surveillance vendors are also seeking to infect mobile devices globally through ad networks.
From the meeting notes provided, the key takeaways are as follows:
1. Signal, the encrypted messaging app, has pushed back against reports of a zero-day flaw in its software. They have found no evidence to support the claim and have urged those with legitimate information to report it to [email protected].
2. As a security precaution, it is advised to turn off link previews in the app. This can be done by going to Signal Settings > Chats > Generate link previews.
3. Zero-day flaws in messaging apps like WhatsApp are being sold for significant amounts of money, ranging from $1.7 to $8 million.
4. Nation-state threat actors find zero-day flaws in iMessage, Signal, and WhatsApp lucrative as they can use them to gain remote access to mobile devices and surveil targets.
5. Spyware attacks have been attempted against journalists, politicians, and academics in the European Union, the U.S., and Asia. These attacks aim to deploy Predator, a spyware developed by the Intellexa alliance.
6. Social media platforms like X (formerly Twitter) and Facebook were used to publicly target accounts belonging to individuals and institutions. This was linked to a customer with connections to Vietnam.
7. The spread of infections included an anonymous account on X named @Joseph_Gordon16, which attempted to lure targets into clicking links that would install Predator malware. The threat actor responsible is tracked under the name REPLYSPY by The Citizen Lab.
8. Predator spyware infections are managed through the “Cyber Operation Platform,” allowing operators to initiate attack attempts, retrieve sensitive information from infected devices, and more.
9. Intellexa offers other products, including Mars and Jupiter, which are used for network injection and targeting mobile devices through the digital advertising ecosystem.
10. For more exclusive content, it is recommended to follow the company on Twitter and LinkedIn.
These are the main highlights from the meeting notes provided.