Security News

New Kimsuky Module Makes North Korean Spyware More Powerful
2020-11-03 03:49

A week after the US government issued an advisory about a "Global intelligence gathering mission" operated by North Korean state-sponsored hackers, new findings have emerged about the threat group's spyware capabilities. The APT - dubbed "Kimsuky" and believed to be active as early as 2012 - has now been linked to as many as three hitherto undocumented pieces of malware, including an information stealer, a tool equipped with malware anti-analysis features, and a new server infrastructure with significant overlaps to its older espionage framework.

Android, macOS Versions of GravityRAT Spyware Spotted in Ongoing Campaign
2020-10-19 18:58

Kaspersky security researchers have identified versions of the GravityRAT spyware that are targeting Android and macOS devices. In a report published on Monday, Kaspersky reveals that the malware's authors have invested a lot into making their tool cross-platform, and that, as part of an ongoing campaign, both Android and macOS are now being targeted, in addition to Windows.

GravityRAT Comes Back to Earth with Android, macOS Spyware
2020-10-19 17:34

The criminals behind GravityRAT spyware have rolled out new macOS and Android variants for the first time. Kaspersky researchers spotted updated GravityRAT code indicating an overhaul of the malware.

Germany Searches Premises of Spyware Maker FinFisher
2020-10-15 11:07

German prosecutors said Wednesday that authorities have searched 15 premises linked to spyware maker FinFisher as part of a probe into allegations the Munich-based company broke export laws by selling its products to authoritarian governments. Munich prosecutors opened an investigation into the company last year following complaints from human rights groups, which alleged FinFisher had supplied Turkey with software that could be used to spy on dissidents in the country.

Police Raided German Spyware Company FinFisher Offices
2020-10-14 11:27

German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed 'FinSpy,' reportedly on suspicion of illegally exporting the software abroad without the required authorization. Investigators from the German Customs Investigation Bureau, ordered by the Munich Public Prosecutor's Office, searched a total of 15 properties in Munich, including business premises of FinFisher GmbH, two other business partners, as well as the private apartments of the managing directors, along with a partner company in Romania from October 6 to 8.

Fitbit Spyware Steals Personal Data via Watch Face
2020-10-09 18:58

Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit devices are loaded with sensitive personal data. Breen's efforts resulted in a malicious watch face, which he was then able to make available through the Fitbit Gallery.

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign
2020-10-05 15:15

Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint. For one, on the RAT front, researchers said that it implements 12 remote access functions that combine with custom command-and-control server commands to carry out tasks like setting up a Socket5 proxy for router devices, tampering with router DNS, setting iptables and executing custom system commands.

Beware: New Android Spyware Found Posing as Telegram and Threema Apps
2020-10-01 03:35

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET said in a Wednesday analysis.

Android Spyware Variant Snoops on WhatsApp, Telegram Messages
2020-09-30 19:14

Researchers say they have uncovered a new Android spyware variant with an updated command-and-control communication strategy and extended surveillance capabilities that snoops on social media apps WhatsApp and Telegram. APT-C-23 is known to utilize both Windows and Android components, and has previously targeted victims in the Middle East with apps in order to compromise Android smartphones.

New FinSpy Spyware Variants Identified, Dissected
2020-09-29 10:48

Human rights organization Amnesty International has identified new macOS and Linux-targeting variants of the infamous FinFisher-made spyware family FinSpy. While diving deeper into the use of FinSpy by a hacking group dubbed NilePhish, which is believed to be state-sponsored, Amnesty International discovered previously unknown samples targeting Linux and macOS, along with an infrastructure to distribute the Windows variant of the spyware disguised as an Adobe Flash Player installer.