Security News

Google: How we tackled this iPhone, Android spyware
2022-06-24 10:46

We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beaming that info back to base. This app in fact infected the device with RCS's spyware.

NSO claims 'more than 5' EU states use Pegasus spyware
2022-06-24 06:22

NSO Group told European lawmakers this week that "under 50" customers use its notorious Pegasus spyware, though these customers include "more than five" European Union member states. Generally speaking, a target selected by an NSO customer has their phone or other device infected with hidden spyware via the exploitation of one or more security vulnerabilities.

Spyware vendor works with ISPs to infect iOS and Android users
2022-06-23 17:07

Google's Threat Analysis Group revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. RCS Labs is just one of more than 30 spyware vendors whose activity is currently tracked by Google, according to Google TAG analysts Benoit Sevens and Clement Lecigne.

Kazakh Govt. Used Spyware Against Protesters
2022-06-21 12:48

An agent of the Kazakhstan government has been using enterprise-grade spyware against domestic targets, according to Lookout research published last week. The government entity used brand impersonation to trick victims into downloading the malware, dubbed "Hermit." Hermit is an advanced, modular program developed by RCS Lab, a notorious Italian company that specializes in digital surveillance.

Researchers Uncover 'Hermit' Android Spyware Used in Kazakhstan, Syria, and Italy
2022-06-17 20:43

An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.

FluBot Android Spyware Taken Down in Global Law Enforcement Operation
2022-06-01 20:40

An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot. "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement.

FluBot takedown: Law enforcement takes control of Android spyware’s infrastructure
2022-06-01 11:35

An international law enforcement operation involving 11 countries has disrupted the spreading of the FluBot Android malware, which spreads via SMS and MMS and steals sensitive information - passwords, online banking details, etc. The Dutch Police, who took control of the malware's infrastructure earlier in May, made the malware inactive.

Watch out for phishing emails that inject spyware trio
2022-06-01 10:02

An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information. From there, the malicious code will not only steal information, but can also remotely control aspects of the PC. The first of the three pieces of malware is AveMariaRAT, followed by Pandora hVCN RAT and BitRAT. AveMariaRAT has a range of features, from stealing sensitive data to achieving privilege escalation, remote desktop control, and camera capturing.

Predator spyware sold with Chrome, Android zero-day exploits to monitor targets
2022-05-24 23:58

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group. Based on CitizenLab's analysis of Predator spyware, Google's bug hunters believe that the buyers of these exploits operate in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, Indonesia, and possibly other countries.

Google: Predator spyware infected Android devices using zero-days
2022-05-22 14:00

In these attacks, part of three campaigns that started between August and October 2021, the attackers used zero-day exploits targeting Chrome and the Android OS to install Predator spyware implants on fully up-to-date Android devices. The government-backed malicious actors who purchased and used these exploits to infect Android targets with spyware are from Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, according to Google's analysis.