Security News

Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru. On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum.

Microsoft and Citizen Lab have linked Israeli spyware company Candiru to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities. The investigation into Candiru's attacks started after Citizen Labs shared malware samples found on a victim's systems and led to the discovery of CVE-2021-31979 and CVE-2021-33771, two zero-day vulnerabilities fixed by Microsoft during this month's Patch Tuesday.

Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat group it tracks as Ferocious Kitten, a group that has singled out Persian-speaking individuals allegedly based in the country while successfully operating under the radar.

In an open letter this month, the Chaos Computer Club - along with Google, Facebook, and others - said they are against proposals to dramatically expand the use of so-called state trojans, aka government-made spyware, in Germany. Once you have root access on a person's computer or handheld, the the device can be an open book, encryption or not.

A new malicious piece of spyware is targeting Android users in the U.K. in an attempt to snag their passwords and other private information. Affecting Android phones and devices across the U.K., FluBot is triggered after a user receives a text message asking them to install a tracking app in response to a "Missed delivery package." Clicking on the link in the text directs the victim to a scam website that launches the spyware.

Roid mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called "Flubot," according to the U.K.'s National Cyber Security Centre. The malware is delivered to targets through SMS texts and prompts them to install a "Missed package delivery" app.

Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. To disrupt the adversary operations, Facebook said it took down their accounts, blocked domains associated with their activity, and alerted users it suspects were singled out by these groups to help them secure their accounts.

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities - from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app masquerades itself as a System Update application to take control of compromised devices.

The murder of Washington Post columnist Jamal Khashoggi, which is said to be have been aided by digital surveillance, was ordered by the head of the Saudi Arabian government, US intelligence has publicly asserted. Last week, Uncle Sam's Office of the Director of National Intelligence released a statement fingering Crown Prince Mohammed bin Salman for orchestrating the killing, which a lawsuit claims was aided by tracking technology provided by spyware biz NSO Group.

Vietnam-backed hacking group APT32 has coordinated several spyware attacks targeting Vietnamese human rights defenders between February 2018 and November 2020. The state hackers also pointed their attacks at a nonprofit human rights organization from Vietnam, as Amnesty International's Security Lab revealed.