Security News

Israeli spyware maker NSO Group has taken a leaf out of Hollywood in an attempt to avoid any legal repercussions from making and selling tools that hack WhatsApp users' phones. When NSO failed to turn up in court in the US state, Facebook claimed victory; and NSO accused it of lying and having failed to serve the legal documents.

The attacks, which targeted IP-addresses belonging to internet service providers in Australia, Israel, Russia, and defense contractors based in Russia and India, involved a previously undiscovered spyware tool called Torisma to stealthily monitor its victims for continued exploitation. Tracked under the codename of "Operation North Star" by McAfee researchers, initial findings into the campaign in July revealed the use of social media sites, spear-phishing, and weaponized documents with fake job offers to trick employees working in the defense sector to gain a foothold on their organizations' networks.

A week after the US government issued an advisory about a "Global intelligence gathering mission" operated by North Korean state-sponsored hackers, new findings have emerged about the threat group's spyware capabilities. The APT - dubbed "Kimsuky" and believed to be active as early as 2012 - has been now linked to as many as three hitherto undocumented malware, including an information stealer, a tool equipped with malware anti-analysis features, and a new server infrastructure with significant overlaps to its older espionage framework.

Kaspersky security researchers have identified versions of the GravityRAT spyware that are targeting Android and macOS devices. In a report published on Monday, Kaspersky reveals that the malware's authors have invested a lot into making their tool cross-platform, and that, as part of an ongoing campaign, both Android and macOS are now being targeted, in addition to Windows.

The criminals behind GravityRAT spyware have rolled out new macOS and Android variants for the first time. Kaspersky researchers spotted updated GravityRAT code indicating an overhaul of the the malware.

German prosecutors said Wednesday that authorities have searched 15 premises linked to spyware maker FinFisher as part of a probe into allegations the Munich-based company broke export laws by selling its products to authoritarian governments. Munich prosecutors opened an investigation into the company last year following complaints from human rights groups, which alleged FinFisher had supplied Turkey with software that could be used to spy on dissidents in the country.

German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed 'FinSpy,' reportedly in suspicion of illegally exporting the software to abroad without the required authorization. Investigators from the German Customs Investigation Bureau, ordered by the Munich Public Prosecutor's Office, searched a total of 15 properties in Munich, including business premises of FinFisher GmbH, two other business partners, as well as the private apartments of the managing directors, along with a partner company in Romania from October 6 to 8.

Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit devices are loaded with sensitive personal data. Breen's efforts resulted in a malicious watch face, which he was then able to make available through the Fitbit Gallery.

Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint. For one, on the RAT front, researchers said that it implements 12 remote access functions, that combine with custom command-and-control server commands to carry out tasks like setting up a Socket5 proxy for router devices, tampering with router DNS, setting iptables and executing custom system commands.

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET said in a Wednesday analysis.