Security News

Google's Threat Analysis Group has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company. While TAG is Google's team of security experts focused on protecting Google users from state-sponsored attacks, it also keeps track of dozens of companies that enable governments to spy on dissidents, journalists, and political opponents using surveillance tools.

A threat actor associated with cyberespionage operations since at least 2017 has been luring victims with fake VPN software for Android that is a trojanized version of legitimate software SoftVPN and OpenVPN. Researchers say that the campaign was "Highly targeted" and aimed at stealing contact and call data, device location, as well as messages from multiple apps. ESET malware analyst Lukas Stefanko says that Bahamut repackaged the SoftVPN and OpenVPN apps for Android to include malicious code with spying functions.

World Cup apps from the Qatari government collect more personal information than they need to, according to Germany's data protection agency, which this week warned football fans to only install the two apps "If it is absolutely necessary." Also: consider using a burner phone. The two apps are Ehteraz, a Covid-19 tracker from the Qatari Ministry of Public Health, and Hayya from the government's Supreme Committee for Delivery & Legacy overseeing the Cup locally, which allows ticket holders entry into the stadiums and access to free metro and bus transportation services.

Last month, we were warned not to install Qatar's World Cup app because it was spyware. The app is being promoted as a tool to help attendees navigate the event.

Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. The BadBazaar campaign, according to the security firm, is said to date as far back as late 2018 and comprise 111 unique apps that masquerade as benign video players, messengers, religious apps, and even TikTok.

A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application. Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike.

Threat actors are using newly discovered spyware known as SandStrike and delivered via a malicious VPN application to target Android users. The attackers are promoting the malicious VPN app as a simple way to circumvent censorship of religious materials in certain regions.

A new version of the 'FurBall' Android spyware has been found targeting Iranian citizens in mobile surveillance campaigns conducted by the Domestic Kitten hacking group, also known as APT-C-50. The newest FurBall malware version was sampled and analyzed by ESET researchers, who report it has many similarities with earlier versions, but now comes with obfuscation and C2 updates.

Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.

The Greek journalist Thanasis Koukakis was spied on by his own government, with a commercial spyware product called "Predator." That product is sold by a company in North Macedonia called Cytrox, which is in turn owned by an Israeli company called Intellexa. The lawsuit filed by Koukakis takes aim at Intellexa and its executive, alleging a criminal breach of privacy and communication laws, reports Haaretz.