Kaspersky is reporting on a new type of smartphone malware.

The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky says: “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.”

That’s a tactic I have not heard of before.

After the Israeli company NSO Group developed the Pegasus spyware, users of WhatsApp have now become the targets of another spyware, this time created by the Israeli firm Paragon. In the previous instance, multiple entities acquired Pegasus, originally designed for government surveillance, to spy on WhatsApp users. However, in this new case, Paragon, the software company, is facing the accusations.

WhatsApp has uncovered evidence that at least 90 individuals from over 50 countries were targeted by the Graphite malicious software for surveillance purposes. As a result, WhatsApp, a subsidiary of Meta, has sent a “Cease and Desist” letter to Paragon, warning the company of the legal consequences they may face for engaging in unlawful cyber activities.

The letter describes the Graphite Spyware as a tool used for espionage without the victim’s consent, primarily designed to collect sensitive information such as messages, calls, contacts, photos, videos, and in some cases, banking details. This stolen data is then transmitted to remote servers for further use.

Paragon, which claims to develop ethically responsible tools on its website, has also received a similar letter with legal obligations sent to law enforcement agencies and Citizen Lab, an organization dedicated to protecting human rights online.

In 2021-2022, Meta also fought a legal battle with NSO Group for selling its Pegasus spyware to third parties who used it to target over 1,400 WhatsApp users in 2019. This list of victims included Amazon’s CEO Jeff Bezos, whose extramarital affair was exposed through the spyware. After thorough investigation, Meta confirmed the allegations, leading to a halt of NSO’s operations in the United States.

Now, Paragon may face a similar outcome. With the evidence collected by WhatsApp, the surveillance tool maker appears to be guilty of the accusations.

If this issue escalates to the White House and attracts significant attention, Paragon may also lose its contract with U.S. Immigration and Customs Enforcement (ICE), a deal worth $2 million or more.

The post WhatsApp users targeted by Paragon Spyware appeared first on Cybersecurity Insiders.

This is yet another story of commercial spyware being used against journalists and civil society members.

The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised.”

It is not clear who was behind the attack. Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks.

Experts said the targeting was a “zero-click” attack, which means targets would not have had to click on any malicious links to be infected.

What happens when eager computer enthusiasts unknowingly download a trojanized hacking tool and find themselves on the wrong side of cybersecurity? A former employee's actions led to chaos and raise urgent questions about the security of cultural treasures. And join us as we explore the alarming trend of social media influencers staging fake kidnappings. All this and much, much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter from the "Compromising Positions" podcast.

This tool seems to do a pretty good job.

The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for potential compromise. But the company also offers a free version of the feature for anyone who downloads the iVerify Basics app for $1. These users can walk through steps to generate and send a special diagnostic utility file to iVerify and receive analysis within hours. Free users can use the tool once a month. iVerify’s infrastructure is built to be privacy-preserving, but to run the Mobile Threat Hunting feature, users must enter an email address so the company has a way to contact them if a scan turns up spyware—as it did in the seven recent Pegasus discoveries.

The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve learned that that’s not true: that NSO Group employees operate the spyware on behalf of their customers.

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker – and not its government customers – is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Interesting analysis:

Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document, as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive.

As a result, thousands of spyware operations have been carried out by Italian authorities in recent years, according to a report from Riccardo Coluccini, a respected Italian journalist who specializes in covering spyware and hacking.

Italian spyware is cheaper and easier to use, which makes it more widely used. And Italian companies have been in this market for a long time.

In episode 18 of "The AI Fix" our hosts discover that OpenAI's Advanced Voice mode is too emotional for Europeans, a listener writes a Viking saga about LinkedIn, ChatGPT is a terrible doctor, and the voice of Meta AI takes to Meta's platforms to complain about Meta AI reading things people post on Meta's platforms. Mark discovers what Darth Vader really said on Cloud City, Graham rummages through ChatGPT's false memories, and our hosts find out why AIs need an inner critic. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.