Security News

APT C-23 Hackers Using New Android Spyware Variant to Target Middle East Users
2021-11-24 00:49

A threat actor known for striking targets in the Middle East has evolved its Android spyware yet again with enhanced capabilities that allow it to be stealthier and more persistent while passing off as seemingly innocuous app updates to stay under the radar. The new variants have "incorporated new features into their malicious apps that make them more resilient to actions by users, who might try to remove them manually, and to security and web hosting companies that attempt to block access to, or shut down, their command-and-control server domains," Sophos threat researcher Pankaj Kohli said in a report published Tuesday.

Apple sues 'amoral 21st century mercenaries' NSO for infecting iPhones with Pegasus spyware
2021-11-23 20:58

Apple today sued NSO Group, which sells spyware to governments and other organizations, for infecting and snooping on people's iPhones. In a strongly worded filing, Apple described NSO as "amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse." Cupertino wants damages and a ban on NSO interacting or interfering any further with Apple services and products.

Apple sues spyware-maker NSO Group, notifies iOS exploit targets
2021-11-23 18:31

Apple has filed a lawsuit against Pegasus spyware-maker NSO Group and its parent company for targeting and spying on Apple users with surveillance tech. NSO's FORCEDENTRY exploit was used by state-backed attackers to break into Apple devices to install the latest version of Pegasus spyware, as revealed by the Citizen Lab in August.

Israel's Candiru Spyware Found Linked to Watering Hole Attacks in U.K. and Middle East
2021-11-17 03:10

Israeli spyware vendor Candiru, which was added to an economic blocklist by the U.S. government this month, is said to have waged "watering hole" attacks against high-profile entities in the U.K. and the Middle East, new findings reveal. The strategic web compromises are believed to have occurred in two waves, the first commencing as early as March 2020 before ending in August 2020, and the second string of attacks beginning in January 2021 and lasting until early August 2021, when the targeted websites were stripped clean of the malicious scripts.

Fake end-to-end encrypted chat app distributes Android spyware
2021-11-13 16:12

The GravityRAT remote access trojan is being distributed in the wild again, this time under the guise of an end-to-end encrypted chat application called SoSafe Chat. In 2020, the malware was targeting people via an Android app named 'Travel Mate Pro,' but since the pandemic has slowed down traveling, the actors moved to a new guise.

New Android Spyware Poses Pegasus-Like Threat
2021-11-10 14:00

Researchers discovered new Android spyware that provides similar capabilities to NSO Group's controversial Pegasus software. PhoneSpy disguises itself as a legitimate application and gives attackers complete access to data stored on a mobile device and grants full control over the targeted device, according to a Zimperium zLabs report published Wednesday.

PhoneSpy: Android spyware campaign targeting South Korean users
2021-11-10 14:00

An ongoing spyware campaign dubbed 'PhoneSpy' targets South Korean users via a range of lifestyle apps that nest in the device and silently exfiltrate data. The campaign deploys a powerful Android malware capable of stealing sensitive information from the users and taking over the device's microphone and camera.

US Bans Trade With Pegasus Spyware Maker
2021-11-04 18:03

NSO Group - the Israeli-based maker of the notorious, military-grade Pegasus spyware that's been linked to cyberattacks against dissidents, activists and NGOs at the hands of repressive regimes - has been blacklisted by the United States. NSO Group is one of four spyware developers or traffickers that the U.S. Commerce Department added to its "Entity List" on Wednesday, effectively banning trade with the company.

US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware
2021-11-04 00:27

The U.S. Commerce Department on Wednesday added four companies, including Israel-based spyware companies NSO Group and Candiru, to a list of entities engaging in "malicious cyber activities." The agency said the two companies were added to the list based on evidence that "these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers."
