Security News

Amnesty International said Monday that software developed by Israeli security firm NSO Group was used to attack a Moroccan journalist, the latest in a series of allegations against the company. Amnesty said the Moroccan authorities used NSO's Pegasus software to insert spyware onto the cellphone of Omar Radi, a journalist convicted in March over a social media post.

Finally, after years of states' use of this kind of powerful spyware against their rivals and political enemies, the US Congress is planning to order its Director of National Intelligence to keep track of the threat this malware poses to the nation, which foreign governments are using it, and for what. The Senate bill - which lays out funding for the government's intelligence operations for next year - would require the DNI to submit a report to Congress on the threat posed by commercial spyware.

In a paper recently published through the Journal of Cybersecurity, Cornell University assistant professor Karen Levy and security veteran Bruce Schneier argue that intimate relationships open the door to a set of privacy and security risks that haven't been anticipated or adequately addressed by the public, the technical community, and policymakers. "We describe privacy threats that arise in our intimate relationships: families, romances, friendships," said Levy.

According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in. The news comes as Facebook alleges that NSO Group has been using U.S.-based infrastructure to launch espionage attacks.

Security researchers at Bitdefender have identified a highly sophisticated Android spyware platform that managed to remain undetected for four years. Dubbed Mandrake, the platform targets only specific devices, as its operators are keen on remaining undetected for as long as possible.

A newly uncovered strain of Android spyware lurked on the Google Play Store disguised as cryptocurrency wallet Coinbase, among other things, for up to four years, according to a new report by Bitdefender. Beginning with an innocuous-looking dropper hosted on the Google Play store, masquerading as one of a number of legitimate apps, Mandrake allowed its Russian operators to snoop on virtually everything unsuspecting targets did on their mobile phone.

Senator Ron Wyden was reacting to Vice's discovery of a brochure by Westbridge Technologies - the US sales wing of the controversial NSO Group - which pitched NSO's Pegasus technology, rebadged as Phantom, to a police force in San Diego, California. The reference to spying on an ex-partner relates to claims that an employee of NSO Group who was caught using the firm's technology to spy on a woman they were interested in romantically.

Senator Ron Wyden was reacting to Vice's discovery of a brochure by Westbridge Technologies - the US sales wing of the controversial NSO Group - which pitched NSO's Pegasus technology, rebadged as Phantom, to a police force in San Diego, California. The reference to spying on an ex-partner relates to claims that an employee of NSO Group who was caught using the firm's technology to spy on a woman they were interested in romantically.

Taking a closer look at the malware, the malicious Mac executable is located in "Contents/Resources/Base.lproj/" directory of the fake application and pretends to be a nib file, according to researchers at Malwarebytes, in a posting on Wednesday. Once it starts, it creates a property list file that specifies the application that needs to be executed after reboot, and the content of the plist file is hardcoded within the application.

Israeli spyware maker NSO Group has rubbished Facebook's claim it can be sued in California because it allegedly uses American IT services and has a business presence in the US. Last October, Facebook and its WhatsApp subsidiary sued the software developer and its affiliate Q Cyber Technologies in California, claiming that the firms made, distributed, and operated surveillance software known as Pegasus that remotely infects, hijacks, and extracts data from the smartphones of WhatsApp users. WhatsApp security manager Claudiu Gheorghe in a previous filing identified 720 malicious attacks on WhatsApp from the IP address 104.223.76.220, a server in California provided by QuadraNet and allegedly run by NSO. QuadraNet did not immediately respond to The Register's request to clarify the account holder for that IP address.