Category: spyware
Yet another basic human rights violation, courtesy of NSO Group: Citizen Lab has the details:
Key Findings
- We discovered an extensive espionage campaign targeting Thai pro-democracy protesters, and activists calling for reforms to the monarchy.
- We forensically confirmed that at least 30 individuals were infected with NSO Group’s Pegasus spyware.
- The observed infections took place between October 2020 and November 2021.
- The ongoing investigation was triggered by notifications sent by Apple to Thai civil society members in November 2021. Following the notification, multiple recipients made contact with civil society groups, including the Citizen Lab.
- The report describes the results of an ensuing collaborative investigation by the Citizen Lab, and Thai NGOs iLaw, and DigitalReach.
- A sample of the victims was independently analyzed by Amnesty International’s Security Lab which confirms the methodology used to determine Pegasus infections.
[…]
NSO Group has denied any wrongdoing and maintains that its products are to be used “in a legal manner and according to court orders and the local law of each country.” This justification is problematic, given the presence of local laws that infringe on international human rights standards and the lack of judicial oversight, transparency, and accountability in governmental surveillance, which could result in abuses of power. In Thailand, for example, Section 112 of the Criminal Code (also known as the lèse-majesté law), which criminalizes defamation, insults, and threats to the Thai royal family, has been criticized for being “fundamentally incompatible with the right to freedom of expression,” while the amended Computer Crime Act opens the door to potential rights violations, as it “gives overly broad powers to the government to restrict free speech [and] enforce surveillance and censorship.” Both laws have been used in concert to prosecute lawyers and activists, some of whom were targeted with Pegasus.
A few months ago, Ronan Farrow wrote a really good article on NSO Group and its problems. The company was itself hacked in 2021.
L3Harris Corporation was looking to buy NSO Group, but dropped its bid after the Biden administration expressed concerns. The US government blacklisted NSO Group last year, and the company is even more toxic than it was as a result—and a mess internally.
In another story, the nephew of the jailed Hotel Rwanda dissident was also hacked by Pegasus.
EDITED TO ADD (7/28): The House Intelligence Committee held hearings on what to do about this rogue industry. It’s important to remember that while NSO Group gets all the heat, there are many other companies that do the same thing.
John Scott-Railton at the hearing:
If NSO Group goes bankrupt tomorrow, there are other companies, perhaps seeded with U.S. venture capital, that will attempt to step in to fill the gap. As long as U.S. investors see the mercenary spyware industry as a growth market, the U.S. financial sector is poised to turbocharge the problem and set fire to our collective cybersecurity and privacy.
Apple has introduced lockdown mode for high-risk users who are concerned about nation-state attacks. It trades reduced functionality for increased security in a very interesting way.
Apple has announced a ‘Lockdown Mode’ in its upcoming iOS 16 and iPadOS 16 software; the feature is meant to protect its users against spyware like Pegasus and other malicious software.
Aimed at journalists, activists, and politicians, the feature, which will be activated by default, will help users protect themselves from targeted cyber attacks.
An Israel-based company developed the spyware dubbed Pegasus a few years ago and said that the objective behind its development was to help governments and law enforcement agencies conduct espionage on intended targets deemed a threat to national security.
However, the spying tool reached the hands of a Saudi Prince who somehow circulated the malicious surveillance software among public dignitaries like Amazon boss Jeff Bezos for reasons.
To counter such spyware in the future, Apple Inc has introduced a feature called ‘Lockdown Mode’ that blocks attachments, disables links in messages, emails, and other services, and blocks invitations and FaceTime calls from little-known sources.
Showing its commitment to offering utmost security to its users, Apple announced the launch of the Rapid Security Response feature that automatically patches exploits as soon as they are rolled out. The feature will be available to Mac devices and will not need a reboot to apply.
Note 1- In the year 2021, the American technology giant that produces the prestigious iPhone filed a lawsuit in a Californian court against NSO Group based in Israel. The company sought permission to block Pegasus from invading its products and is also asking for compensation for the damage that took place so far.
Note 2- In May this year, Google’s Threat Analysis team discovered a new spyware tool invading the Android ecosystem of mobiles. The tool is named Hermit and was developed by RCS Lab in the year 2021. Its aim is to target the mobiles of celebrities and transmit data intelligence from their mobiles to remote servers. The information being sent to command-and-control servers includes contacts, photos, videos, messages, and e-wallet-related data.
Note 3- Apple is also offering a $2 million reward for those who can find meaningful flaws in its Lockdown Mode and also announced that it will add the money gained from the lawsuit against NSO to the $10 million grant that will help businesses that analyze, mitigate and prevent highly sophisticated cyber attacks.
The post Apple launches Lockdown Mode to protect its users against spyware appeared first on Cybersecurity Insiders.
Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies. “Lockdown Mode” is scheduled to arrive later this year with the release of Apple iOS 16 and macOS Ventura. It’s an optional feature for users who believe their computers […]
The post Lockdown Mode: Apple to protect users from targeted spyware attacks appeared first on The State of Security.
Google’s Threat Analysis team has discovered a new spyware tool that was being fraudulently installed on iPhones and Android devices by a group of hackers in Italy. The tech search giant revealed the information and shed some light on how the spyware industry was flourishing.
Mobile security researchers from Google claim that RCS Lab made the spyware and was targeting mobiles without the consent or knowledge of the user. Similar to NSO’s Pegasus software, the spying tool was also hitting the smartphones of political party leaders, activists, and journalists to gather and transmit intelligence to remote servers.
A freshly released update from Lookout also confirms the use of a surveillance tool on several communication devices of dignitaries from across the world. The study confirmed that the development of such tools will cause a dent in national integrity as they are being used to spy on government officials, human rights activists, journalists, academics, and business executives, including a Saudi prince.
Cybersecurity Insiders has learned that the tool’s name is Hermit and that it has also been found profusely on Android phones used by government officials in Kazakhstan.
What’s interesting in this whole scenario is the fact that Hermit was also being used by government officials of Kazakhstan to spy on smartphone users living on borders.
This means that RCS might have also sold the spying software to third parties along with government agencies, which is strictly against the rules of the government.
Note 1- In April this year, the Hermit spying malware was also found on mobile phones operating in the Kurdish Region of Syria. It was caught recording audio and video calls and collecting data such as photos, messages, contacts, and location.
Note 2- The spread of Hermit is taking place in the traditional fashion through message and email links. So, beware of messages that are coming from unknown senders.
The post Italian spyware targets Apple and Android smartphones says Google appeared first on Cybersecurity Insiders.
Lookout has announced the discovery of an enterprise-grade Android surveillanceware currently used by the government of Kazakhstan within its borders. Lookout researchers also found evidence of deployment of the spyware – which Lookout researchers have named “Hermit” – in Italy and in northeastern Syria.
Hermit is likely developed by Italian spyware vendor RCS Lab S.p.A. and Tykelab Srl, a telecommunications solutions company that may be operating as a front company. RCS Lab, a known developer that has past dealings with countries such as Syria, operates in the same market as Pegasus developer NSO Group Technologies and Gamma Group, which created FinFisher. This discovery appears to mark the first time that a current client of RCS Lab’s mobile spyware has been publicly identified.
Hermit is a modular surveillanceware that hides its malicious capabilities in packages downloaded after it has been deployed. Researchers were able to obtain and analyze 16 of the 25 known modules. The modules, along with the core malware’s permissions, enable Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.
“This discovery gives us an in-depth look into a spyware vendor’s activities and how sophisticated app-based spyware operates,” said Justin Albrecht, Threat Intelligence researcher at Lookout. “Based on how customizable Hermit is, including its anti-analysis capabilities and even the way it carefully handles data, it’s clear that this is well-developed tooling designed to provide surveillance capabilities to nation-state customers. What’s also interesting is that we were able to confirm Kazakhstan as a probable current customer of RCS Lab. It’s not often that you are able to identify a spyware vendor’s clientele.”
Lookout researchers theorize that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analyzed impersonated the applications of telecommunications companies or smartphone manufacturers. Hermit tricks users by serving up the legitimate webpages of the brands it impersonates as it kickstarts malicious activities in the background.
The post Lookout Discovers Android Spyware Deployed in Kazakhstan appeared first on IT Security Guru.