spyware

US Sanctions Spyware Company and Executives Who Targeted American Journalists, Government Officials

by

March 5, 2024 at 04:00PM The Treasury Department sanctioned a Greece-based spyware company, Intellexa Consortium, and its associated entities for developing and distributing spyware tools known as Predator targeting U.S. government officials and journalists. The sanctions mark the first time for misusing spyware, and the Commerce Department had previously blacklisted these entities. The spyware allows … Read more

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

by

March 2, 2024 at 02:06AM A US judge ordered NSO Group to hand over its source code for Pegasus and other products to Meta, in light of ongoing litigation. This follows allegations that the spyware was distributed via infrastructure belonging to Meta, affecting 1,400 mobile devices, including Indian activists and journalists. NSO Group has been … Read more

Judge orders NSO to cough up Pegasus super-spyware source code

by

March 1, 2024 at 04:43PM Israel-based NSO Group has been ordered by a California federal judge to share the source code for its Pegasus spyware with Meta’s WhatsApp due to a 2019 lawsuit for alleged spying on 1,400 users. The ruling covers the period from April 2018 to May 2020 and represents a legal setback … Read more

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

by

February 19, 2024 at 08:51AM Meta Platforms curtailed malicious activity from firms in Italy, Spain, and the U.A.E. operating in surveillance-for-hire. Spyware targeted iOS, Android, and Windows devices, collecting device info, media, and enabling camera and microphone. Accounts in Italy and Spain were involved in social engineering. Meta also acted on coordinated inauthentic behavior from … Read more

Mysterious ‘MMS Fingerprint’ Hack Used by Spyware Firm NSO Group Revealed

by

February 16, 2024 at 10:03AM A contract between NSO Group and Ghana’s telecom regulator suggests a new infection technique, “MMS Fingerprint,” allowing device identification without user interaction. Enea tested and confirmed this method, raising concerns about potential malicious use. While not seen in the wild, it poses potential security risks. Operators and subscribers can take … Read more

Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

by

January 19, 2024 at 03:33AM A recently discovered malicious npm package “oscompatible” was found to deploy a sophisticated remote access trojan on compromised Windows machines. This attack highlights the increasing targeting of open-source software ecosystems and the risks associated with deprecated npm packages. The security firm Aqua revealed that 21.2% of top npm packages are … Read more

Most Sophisticated iPhone Hack Ever Exploited Apple’s Hidden Hardware Feature

by

December 28, 2023 at 06:42AM The Operation Triangulation spyware targeting Apple iOS devices utilized unprecedented exploits to bypass hardware-based security. The sophisticated attack, active since 2019, used four zero-day flaws to gain access to iOS devices and gather sensitive information. Patches were released by Apple, with 20 zero-days resolved this year. A particular vulnerability, CVE-2023-38606, … Read more

Think tank report labels NSO, Lazarus, as ‘cyber mercenaries’

by

December 13, 2023 at 01:07AM A Delhi-based think tank’s report argues that cybercrime groups and spyware vendors like Lazarus Group and NSO should be categorized as cyber mercenaries and face an international response. The usage of information technology in operations justifies this term. Concerns about the growth of this market and the need for legislation … Read more

CanesSpy Spyware Discovered in Modified WhatsApp Versions

by

November 3, 2023 at 09:42AM Researchers have discovered modified versions of WhatsApp for Android that contain spyware called CanesSpy. These versions are being spread through sketchy websites and Telegram channels primarily used by Arabic and Azerbaijani speakers. The spyware is designed to activate when the phone is turned on or charging, and it sends information … Read more

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected

by

October 24, 2023 at 03:03PM Kaspersky has released a report detailing the iOS zero-click attacks it suffered. Dubbed ‘Operation Triangulation’, the attacks used malicious iMessage attachments to exploit a zero-day vulnerability and deploy spyware named TriangleDB. The attackers implemented stealth techniques to avoid detection, including using two validators to collect device information and ensure the … Read more