Security News
Security researchers at Bitdefender have identified a highly sophisticated Android spyware platform that managed to remain undetected for four years. Dubbed Mandrake, the platform targets only specific devices, as its operators are keen on remaining undetected for as long as possible.
A newly uncovered strain of Android spyware lurked on the Google Play Store disguised as cryptocurrency wallet Coinbase, among other things, for up to four years, according to a new report by Bitdefender. Beginning with an innocuous-looking dropper hosted on the Google Play store, masquerading as one of a number of legitimate apps, Mandrake allowed its Russian operators to snoop on virtually everything unsuspecting targets did on their mobile phone.
Senator Ron Wyden was reacting to Vice's discovery of a brochure by Westbridge Technologies - the US sales wing of the controversial NSO Group - which pitched NSO's Pegasus technology, rebadged as Phantom, to a police force in San Diego, California. The reference to spying on an ex-partner relates to claims that an employee of NSO Group who was caught using the firm's technology to spy on a woman they were interested in romantically.
Senator Ron Wyden was reacting to Vice's discovery of a brochure by Westbridge Technologies - the US sales wing of the controversial NSO Group - which pitched NSO's Pegasus technology, rebadged as Phantom, to a police force in San Diego, California. The reference to spying on an ex-partner relates to claims that an employee of NSO Group who was caught using the firm's technology to spy on a woman they were interested in romantically.
Taking a closer look at the malware, the malicious Mac executable is located in "Contents/Resources/Base.lproj/" directory of the fake application and pretends to be a nib file, according to researchers at Malwarebytes, in a posting on Wednesday. Once it starts, it creates a property list file that specifies the application that needs to be executed after reboot, and the content of the plist file is hardcoded within the application.
Israeli spyware maker NSO Group has rubbished Facebook's claim it can be sued in California because it allegedly uses American IT services and has a business presence in the US. Last October, Facebook and its WhatsApp subsidiary sued the software developer and its affiliate Q Cyber Technologies in California, claiming that the firms made, distributed, and operated surveillance software known as Pegasus that remotely infects, hijacks, and extracts data from the smartphones of WhatsApp users. WhatsApp security manager Claudiu Gheorghe in a previous filing identified 720 malicious attacks on WhatsApp from the IP address 104.223.76.220, a server in California provided by QuadraNet and allegedly run by NSO. QuadraNet did not immediately respond to The Register's request to clarify the account holder for that IP address.
Unusually, the sample propagated through the employee pool via the infected company's mobile device management server. Perhaps most damagingly, cyberattackers can gain complete remote control of the device by running the TeamViewer remote access application.
A Microsoft vulnerability found in Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization's Teams accounts. The phishing campaign used a ton of different Microsoft file sharing platforms including Microsoft Sway, which if you guys don't know what that is, it's basically Microsoft's platform for newsletters and presentations.
Dubbed PhantomLance by Kaspersky, the campaign is centered around a complex spyware that's distributed via dozens of apps within the Google Play official market, as well as other outlets like the third-party marketplace known as APKpure. Kaspersky's report follows previous research from BlackBerry, which connected OceanLotus to a trio of fake apps for Android last year.
Attorneys for Facebook and its WhatsApp subsidiary have challenged a plea from spyware maker NSO Group to dismiss the high-level hacking case the two are fighting out, arguing it has immunity from prosecution. Facebook sued the Israel-based NSO Group and its affiliate Q Cyber Technologies last October in the US, alleging the firms "Manufactured, distributed, and operated surveillance software, also known as 'spyware,' designed to intercept and extract information and communications from mobile phones and devices of WhatsApp users."