2016, Hacking and Spyware - Cyber Security Informer

NSO Group Hacked

Schneier on Security

JULY 20, 2021

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. The obvious answer is that NSO Group provides spyware-as-a-service, and centralizes operations somehow.

Hacking

Hacking Spyware Manufacturing Software

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Security Affairs

MARCH 13, 2025

North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. Kaspersky first documented the operations of the group in 2016. Lookout researchers attributed the spyware to the ScarCruft group with medium confidence.

Spyware

Spyware Surveillance Encryption Malware

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Spyware

Spyware Government Surveillance Media

Pegasus spyware and how it exploited a WebP vulnerability

Malwarebytes

SEPTEMBER 27, 2023

Recent events have demonstrated very clearly just how persistent and wide-spread the Pegasus spyware is. The exploit chain based on these vulnerabilities was capable of compromising devices without any interaction from the victim and were reportedly used by the NSO Group to deliver its infamous Pegasus spyware.

Spyware

Spyware Surveillance Mobile Software

Apple Patches Vulnerabilities in iOS Exploited by Spyware

eSecurity Planet

SEPTEMBER 14, 2021

Apple continues to be haunted by spyware developed by an Israeli security firm that hostile governments used to hack into Apple devices to spy on journalists, activists and world leaders (see Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal ). Spyware Vulnerability. and iPadOS 14.8

Spyware

Spyware Mobile Engineering Government

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Spyware

Spyware Malware Mobile Marketing

Courts Hand Down Hard Jail Time for DDoS

Krebs on Security

JANUARY 14, 2019

Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016. The Boston Globe reports that Gottesfeld and his wife in 2016 tried to flee to Cuba in a rented boat, but the trip didn’t go as planned.

DDOS

DDOS Internet Internet Spyware

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

eSecurity Planet

JULY 21, 2021

Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives is becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal. The impact of the burgeoning scandal continues to ripple.

Spyware

Spyware Mobile Government Surveillance

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware

Malware Advertising Marketing System Administration

Earth Empusa targets minority group with Android ActionSpy spyware

Security Affairs

JUNE 15, 2020

The Earth Empusa threat group is distributing new Android spyware, dubbed ActionSpy, through watering hole attacks to targets Turkic minority group. ActionSpy, which may have been around since 2017, is an Android spyware that allows the attacker to collect information from the compromised devices,” reads the report published by Trend Micro.

Spyware

Spyware Advertising Encryption Phishing

Mandrake, a high sophisticated Android spyware used in targeted attacks

Security Affairs

MAY 18, 2020

Security experts discovered a highly sophisticated Android spyware platform, dubbed Mandrake, that remained undetected for four years. Researchers from Bitdefender discovered a high-sophisticated Android spyware platform dubbed Mandrake, it was involved in highly targeted attacks against specific devices. Pierluigi Paganini.

Spyware

Spyware Malware Advertising Banking

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Security Affairs

JULY 25, 2019

Researchers at Lookout discovered a new mobile spyware dubbed Monokle that was developed by a Russian defense contractor. Experts at Lookout discovered a new Android mobile spyware in the wild, dubbed Monokle, that was developed by a Russian defense contractor named Special Technology Centre Ltd. ( Presidential election.

Spyware

Spyware Surveillance Mobile Advertising

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Security Affairs

DECEMBER 12, 2024

These documents suggest the existence of an iOS conversion of the spyware that has yet to be uncovered. a Chinese tech company founded in 2016 with fewer than 50 employees. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,China)

Surveillance

Surveillance Mobile Spyware Malware

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. The list also includes criminals, suspected terrorists, intelligence operatives and a European spyware firm.

Risk

Risk Spyware Hacking Accountability

Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks

Security Affairs

MARCH 7, 2021

In the last years, security experts documented multiple hacking and disinformation campaigns, attributed to Russia-linked APT groups, that targeted Lithuania, Estonia , and Latvia. In December 2016, Lithuania blamed Russia for cyber attacks that hit government networks over the previous two years. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Spyware Government Hacking

Amnesty claims that 2 Morocco rights advocates were targeted by NSO Group spyware

Security Affairs

OCTOBER 10, 2019

NSO Group ‘s surveillance spyware made the headlines again, this time the malware was used to spy on 2 rights activists in Morocco according Amnesty International. Amnesty International collected evidence of new abuses of the NSO Group ‘s surveillance spyware, this time the malware was used to spy two rights activists in Morocco.

Spyware

Spyware Surveillance Advertising Malware

Bitdefender spotted Triout, a new powerful Android Spyware Framework

Security Affairs

AUGUST 23, 2018

Security researchers from Bitdefender have spotted a new Android spyware framework dubbed Triout that could be used to create malware with extensive surveillance capabilities. “The original app seems to have been available in Google Play in 2016, but it has since been removed. ” reads the report published by Bitdefender.

Spyware

Spyware Surveillance Advertising Malware

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

As first detailed by KrebsOnSecurity in July 2016 , Orcus is the brainchild of John “Armada” Rezvesz , a Toronto resident who until recently maintained and sold the RAT under the company name Orcus Technologies. An advertisement for Orcus RAT. In an “official press release” posted to pastebin.com on Mar.

Advertising

Advertising Malware Software Marketing

Swedish Government grants police the use of spyware against violent crime suspects

Security Affairs

OCTOBER 24, 2019

The Sweden government is going to authorize the use of spyware on suspects’ devices to spy on their communications and track them. Criminal organizations leverage encrypted messaging services for their communications, for this reason the Government decided to authorize the use of surveillance spyware against suspects of violent crimes.

Spyware

Spyware Government Surveillance Encryption

Domestic Kitten – An Iranian surveillance operation under the radar since 2016

Security Affairs

SEPTEMBER 9, 2018

. “Through the use of mobile applications, those behind the attack use fake decoy content to entice their victims to download such applications, which are in fact loaded with spyware, to then collect sensitive information about them.” ” reads the analysis published by CheckPoint. Pierluigi Paganini.

Surveillance

Surveillance Mobile Advertising Spyware

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream. QuaDream was founded in 2016 by Ilan Dabelstein, a former Israeli military official, and by two former NSO employees, Guy Geva and Nimrod Reznik.

Surveillance

Surveillance Spyware Government Hacking

Exodus, a government malware that infected innocent victims

Security Affairs

MARCH 30, 2019

Security researchers have found a new government spyware, tracked as Exodus, that was distributed through the Google Play Store. The researchers argue that the surveillance operation might have targeted also innocent victims because the spyware was poorly developed, a circumstance that is confirmed makes the software illegal.

Government

Government Malware Spyware Surveillance

BusyGasper spyware remained undetected for two years while spying Russians

Security Affairs

AUGUST 30, 2018

The BusyGasper Android spyware has been active since May 2016, it implements unusual features for this type of malware. We found no similarities to commercial spyware products or to other known spyware variants, which suggests BusyGasper is self-developed and used by a single threat actor.” Pierluigi Paganini.

Spyware

Spyware Malware Advertising Banking

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

APRIL 28, 2020

“We found dozens of related samples that had been appearing in the wild since 2016 and had been deployed in various application marketplaces including Google Play.” The PhantomLance malware implements classic spyware functionalities, it could exfiltrate user data, phone call logs, SMS messages, contacts, and GPS data.

Malware

Malware Advertising Marketing Hacking

A new sophisticated version of the AZORult Spyware appeared in the wild

Security Affairs

JULY 30, 2018

A new sophisticated version of the AZORult Spyware was spotted in the wild, it was involved in a large email campaign on July 18. Malware researchers at Proofpoint spotted a new version of the AZORult Spyware in the wild, it was involved in a large email campaign on July 18, just 24 hours it appeared in cybercrime forums on the Dark Web.

Spyware

Spyware Cryptocurrency Passwords Malware

North Korea-Linked APT Group Kimsuky spotted using new malware

Security Affairs

NOVEMBER 2, 2020

Researchers at Cybereason’s Nocturnus team published a new report that includes details on two new pieces of malware associated with the North-Korea linked APT, modular spyware called KGH_SPY and a downloader called CSPY Downloader. SecurityAffairs – hacking, Kimsuky APT). ” reads the report published by Cybereason.

Malware

Malware Advertising Spyware Government

Snowden speaks about the role of surveillance firm NSO Group in Khashoggi murder

Security Affairs

NOVEMBER 9, 2018

In July, Citizen Lab collected evidence of attacks against 175 targets worldwide carried on with the NSO spyware. YEAR(S) IN WHICH SPYWARE INFECTION WAS ATTEMPTED. In August, an Amnesty International report confirmed that its experts identified a second human rights activist, in Saudi Arabia, who was targeted with the powerful spyware.

Surveillance

Surveillance Spyware Software Advertising

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

In 2016, researchers from the non-profit organization CitizenLab published a report that describes a campaign of targeted spyware attacks carried out by the Stealth Falcon. Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns.

Malware

Malware Spyware Architecture Encryption

Security Affairs newsletter Round 353

Security Affairs

FEBRUARY 13, 2022

SecurityAffairs – hacking, newsletter). US seizes $3.6 US seizes $3.6 Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. The post Security Affairs newsletter Round 353 appeared first on Security Affairs.

Ransomware

Ransomware Spyware Surveillance Hacking

Experts spotted the iOS version of the Exodus surveillance app

Security Affairs

APRIL 9, 2019

In the last weeks, a new Android surveillance malware dubbed Exodus made the headlines, now expert found the iOS version of the government spyware. on Feb 28, 2016.” Security experts at LookOut have discovered an iOS version of the dreaded surveillance Android app Exodus that was initially found on the official Google Play Store.

Surveillance

Surveillance Spyware Phishing Malware

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Security Affairs

MARCH 13, 2019

FruityArmor is a cyber-espionage group that was first observed in 2016 while targeting activists, researchers, and individuals related to government organizations in Thailand, Iran, Algeria, Yemen, Saudi Arabia, and Sweden. SecurityAffairs – CVE-2019-0797, hacking). ” reads the analysis published by Kaspersky Lab.

Advertising

Advertising Spyware Hacking Government

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs

AUGUST 21, 2022

The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. In the past, the Donot Team spyware was found in attacks outside of South Asia. SecurityAffairs – hacking, Donot Team).

Malware

Malware Spyware Phishing Government

Amnesty International employee targeted with NSO group surveillance malware

Security Affairs

AUGUST 1, 2018

. “In June 2018, an Amnesty International staff member received a malicious WhatsApp message with Saudi Arabia-related bait content and carrying links Amnesty International believes are used to distribute and deploy sophisticated mobile spyware. Year(s) in which spyware infection was attempted. Country Nexus. 2012-2014.

Surveillance

Surveillance Malware Spyware Mobile

Mobile Phones of Politicians, Journalists, and members of Royal Families were targeted by Israeli Malware

CyberSecurity Insiders

JULY 18, 2021

Some news outlets like Le Monde and the Washington Post have also added in their news posts that so far over 50,000 phone numbers are believed to have been targeted by the hackers since 2016 and that includes the contact number of Hanan Eltar, the widow of Saudi Born Journalists Jamal Khashoggi who was killed in 2018 for reasons.

Mobile

Mobile Malware Spyware Surveillance

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

We attribute the campaign, named SnatchCrypto, to the BlueNoroff APT group, the threat actor behind the 2016 attack on Bangladesh’s central bank. One of the things you can do to protect yourself from advanced mobile spyware is to reboot your device on a daily basis. Lapsus$ group hacks Okta. Other malware.

Phishing

Phishing Spyware Firmware Malware

Security Affairs newsletter Round 222 – News of the week

Security Affairs

JULY 13, 2019

Experts uncovered a new Magecart campaign that hacked over 960 stores. Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016. Severe vulnerabilities allow hacking older GE anesthesia machines. New FinFisher spyware used to spy on iOS and Android users in 20 countries.

Data breaches

Data breaches Spyware Advertising Government

Security Affairs newsletter Round 214 – News of the week

Security Affairs

MAY 19, 2019

Hacking the ‘Unhackable eyeDisk USB stick. Pacha Group declares war to rival crypto mining hacking groups. WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware. Chinese state-sponsored hackers breached TeamViewer in 2016. Security breach suffered by credit bureau Equifax has cost $1.4

Advertising

Advertising Spyware Data breaches Hacking

STOP ransomware encrypts files and steals victim’s data

Security Affairs

MARCH 11, 2019

AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan. In July, the experts discovered a new sophisticated version of the AZORult Spyware that was involved in a large email campaign on July 18.

Encryption

Encryption Ransomware Cryptocurrency Passwords

The new Azorult 3.3 is available in the cybercrime underground market

Security Affairs

OCTOBER 23, 2018

AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan. In July, the experts discovered a new sophisticated version of the AZORult Spyware that was involved in a large email campaign on July 18.

Marketing

Marketing Cybercrime Cryptocurrency Advertising

The ‘Gazorp’ Azorult Builder emerged from the Dark Web

Security Affairs

OCTOBER 2, 2018

Azorult has been around since at least 2016, malware researchers at Proofpoint spotted a new version of the AZORult Spyware in the wild, it was involved in a large email campaign on July 18, just 24 hours it appeared in cybercrime forums on the Dark Web. in live attacks. and 3.2).

Malware

Malware Advertising Spyware Passwords

Apex Legends for Android: a Fake App could Compromise your Smartphone

Security Affairs

MARCH 12, 2019

net” there is a well-known malicious site, active since 2016, and related to a huge phishing network, in which also some URLs related to fake MS Office pages are present. Despite its dimensions, this is the only apk that shows a spyware behavior. Figure 5: phishing web page provided by URL cited above. Behind the URL “www.areyouabot[.]net”

Spyware

Spyware Malware Mobile Phishing

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

In 2016, researchers from non-profit organization CitizenLab published a report that describes a campaign of targeted spyware attacks carried by the Stealth Falcon. Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns.

Malware

Malware Advertising System Administration Spyware

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

In the latest campaign uncovered by Kaspersky, the APT group, used a modular framework dubbed CloudWizard that supports spyware capabilities, including taking screenshots, microphone recording, harvesting Gmail inboxes, and keylogging.

Malware

Malware Spyware Encryption Hacking

Experts detailed new StrongPity cyberespionage campaigns

Security Affairs

JULY 18, 2019

The activity of the group was initially uncovered in 2016 when experts at Kaspersky observed the cyberespionage group targeting users in Europe, in the Middle East, and in Northern Africa. The group set up malicious sites mimicking legitimate ones to carry out watering holes to deliver tainted installers and malware.

Malware

Malware Software Advertising Spyware

NSO Group Hacked

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Trending Sources

Pegasus Project – how governments use Pegasus spyware against journalists

Pegasus spyware and how it exploited a WebP vulnerability

Apple Patches Vulnerabilities in iOS Exploited by Spyware

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Courts Hand Down Hard Jail Time for DDoS

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

Orcus RAT Author Charged in Malware Scheme

Earth Empusa targets minority group with Android ActionSpy spyware

Mandrake, a high sophisticated Android spyware used in targeted attacks

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks

Amnesty claims that 2 Morocco rights advocates were targeted by NSO Group spyware

Bitdefender spotted Triout, a new powerful Android Spyware Framework

Canadian Police Raid ‘Orcus RAT’ Author

Swedish Government grants police the use of spyware against violent crime suspects

Domestic Kitten – An Iranian surveillance operation under the radar since 2016

Israeli surveillance firm QuaDream emerges from the dark

Exodus, a government malware that infected innocent victims

BusyGasper spyware remained undetected for two years while spying Russians

PhantomLance, a four-year-long cyberespionage spying campaign

A new sophisticated version of the AZORult Spyware appeared in the wild

North Korea-Linked APT Group Kimsuky spotted using new malware

Snowden speaks about the role of surveillance firm NSO Group in Khashoggi murder

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs newsletter Round 353

Experts spotted the iOS version of the Exodus surveillance app

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Donot Team cyberespionage group updates its Windows malware framework

Amnesty International employee targeted with NSO group surveillance malware

Mobile Phones of Politicians, Journalists, and members of Royal Families were targeted by Israeli Malware

IT threat evolution Q1 2022

Security Affairs newsletter Round 222 – News of the week

Security Affairs newsletter Round 214 – News of the week

STOP ransomware encrypts files and steals victim’s data

The new Azorult 3.3 is available in the cybercrime underground market

The ‘Gazorp’ Azorult Builder emerged from the Dark Web

Apex Legends for Android: a Fake App could Compromise your Smartphone

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Experts detailed new StrongPity cyberespionage campaigns

Stay Connected