Security News

Spyware maker NSO Group has a new ringleader, as the notorious biz seeks to revamp its image amid new reports that the company's Pegasus malware is targeting yet more human rights advocates and journalists. The new owner is a Luxembourg-based holding firm called Dufresne Holdings controlled by NSO co-founder Omri Lavie, according to the report.

A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play and collectively downloaded over 400 million times. In the background the trojan SDK checks the Android device's sensor data to confirm that it's not running in a sandboxed environment, commonly used by researchers when analyzing potentially malicious Android apps.

The Android Predator spyware has more surveillance capabilities than previously suspected, according to analysis by Cisco Talos, with an assist from non-profit Citizen Lab in Canada. The software, which is designed to spy on and extract data from the devices it's slipped into, is available for Google Android and Apple iOS. In its deep dive published on Thursday, which examines the Android version of the code, Talos suggests Alien is more than just a loader for a Predator, and that the two work in combination to enable all kinds of espionage and intelligence-gathering activities on compromised devices.

The US International Trade Administration has admitted it promotes the sale of American-approved commercial spyware to foreign governments, and won't answer questions about it, according to US Senator Ron Wyden. Wyden, in a letter to US Commerce Secretary Gina Raimondo, has demanded answers about the surveillance and policing tech that ITA - a US government agency - pushes to other countries.

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa. "A deep dive into both spyware components indicates that Alien is more than just a loader for Predator and actively sets up the low-level capabilities needed for Predator to spy on its victims," Cisco Talos said in a technical report.

Security researchers at Cisco Talos and the Citizen Lab have presented a new technical analysis of the commercial Android spyware 'Predator' and its loader 'Alien,' sharing its data-theft capabilities and other operational details. Predator is a commercial spyware for mobile platforms developed and sold by Israeli company Intellexa.

EU MEPs want to start the public body - along with a host of other recommendations contained in a report that landed last night - after the so-called PEGA committee spent over a year looking into the use of Pegasus and equivalent spyware. In April, Citizen Lab and Microsoft both reported that a zero-click exploit allegedly developed by Israeli spyware company QuaDream - called "Reign" - was used to deliver spyware on devices running Apple's iOS 14 on victims' phones.

Roid security updates released this month patch a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices. According to a Google Threat Analysis Group report published in March, it was exploited as part of a complex chain of multiple 0-days and n-days in a spyware campaign targeting Samsung Android phones.

A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. "The spyware may also have been used in efforts to counter and monitor illegal trafficking activity related to arms, drugs, and alcohol," Lookout said, based on exfiltrated data that contained photos of drugs, firearms, and official documents issued by FARAJA. BouldSpy, like other Android malware families, abuses its access to Android's accessibility services and other intrusive permissions to harvest sensitive data such as web browser history, photos, contact lists, SMS logs, keystrokes, screenshots, clipboard content, microphone audio, and video call recordings.

Analysis Israeli spyware shop QuaDream is reportedly shutting down due to financial troubles. The reported closure of the little-known nine-year-old company likely won't reduce the use of spyware - QuaDream's much higher profile and more infamous brethren, NSO Group, last year rolled out at least three new exploits targeting devices running versions 15 and 16 of Apple's iOS operating system.