2016 and Spyware - Cyber Security Informer

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Security Affairs

MARCH 13, 2025

North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. Kaspersky first documented the operations of the group in 2016. Lookout researchers attributed the spyware to the ScarCruft group with medium confidence.

Spyware

Spyware Surveillance Encryption Malware

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Spyware

Spyware Government Surveillance Media

Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs

The Hacker News

SEPTEMBER 23, 2022

A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday.

Spyware

Spyware Mobile Surveillance Malware

Apple Patches Vulnerabilities in iOS Exploited by Spyware

eSecurity Planet

SEPTEMBER 14, 2021

Apple continues to be haunted by spyware developed by an Israeli security firm that hostile governments used to hack into Apple devices to spy on journalists, activists and world leaders (see Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal ). operating system was being exploited by the invasive Pegasus spyware.

Spyware

Spyware Mobile Engineering Government

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Spyware

Spyware Malware Mobile Marketing

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

eSecurity Planet

JULY 21, 2021

Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives is becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal. Spyware is Evolving. Apple Under Fire.

Spyware

Spyware Mobile Government Surveillance

Earth Empusa targets minority group with Android ActionSpy spyware

Security Affairs

JUNE 15, 2020

The Earth Empusa threat group is distributing new Android spyware, dubbed ActionSpy, through watering hole attacks to targets Turkic minority group. ActionSpy, which may have been around since 2017, is an Android spyware that allows the attacker to collect information from the compromised devices,” reads the report published by Trend Micro.

Spyware

Spyware Advertising Encryption Phishing

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Security Affairs

JULY 25, 2019

Researchers at Lookout discovered a new mobile spyware dubbed Monokle that was developed by a Russian defense contractor. Experts at Lookout discovered a new Android mobile spyware in the wild, dubbed Monokle, that was developed by a Russian defense contractor named Special Technology Centre Ltd. ( Presidential election.

Spyware

Spyware Surveillance Mobile Advertising

Courts Hand Down Hard Jail Time for DDoS

Krebs on Security

JANUARY 14, 2019

Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016. The Boston Globe reports that Gottesfeld and his wife in 2016 tried to flee to Cuba in a rented boat, but the trip didn’t go as planned.

DDOS

DDOS Internet Internet Spyware

Mandrake, a high sophisticated Android spyware used in targeted attacks

Security Affairs

MAY 18, 2020

Security experts discovered a highly sophisticated Android spyware platform, dubbed Mandrake, that remained undetected for four years. Researchers from Bitdefender discovered a high-sophisticated Android spyware platform dubbed Mandrake, it was involved in highly targeted attacks against specific devices. Pierluigi Paganini.

Spyware

Spyware Malware Advertising Banking

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware

Malware Advertising Marketing System Administration

Bitdefender spotted Triout, a new powerful Android Spyware Framework

Security Affairs

AUGUST 23, 2018

Security researchers from Bitdefender have spotted a new Android spyware framework dubbed Triout that could be used to create malware with extensive surveillance capabilities. “The original app seems to have been available in Google Play in 2016, but it has since been removed. ” reads the report published by Bitdefender.

Spyware

Spyware Surveillance Advertising Malware

Amnesty claims that 2 Morocco rights advocates were targeted by NSO Group spyware

Security Affairs

OCTOBER 10, 2019

NSO Group ‘s surveillance spyware made the headlines again, this time the malware was used to spy on 2 rights activists in Morocco according Amnesty International. Amnesty International collected evidence of new abuses of the NSO Group ‘s surveillance spyware, this time the malware was used to spy two rights activists in Morocco.

Spyware

Spyware Surveillance Advertising Malware

Swedish Government grants police the use of spyware against violent crime suspects

Security Affairs

OCTOBER 24, 2019

The Sweden government is going to authorize the use of spyware on suspects’ devices to spy on their communications and track them. Criminal organizations leverage encrypted messaging services for their communications, for this reason the Government decided to authorize the use of surveillance spyware against suspects of violent crimes.

Spyware

Spyware Government Surveillance Encryption

Domestic Kitten – An Iranian surveillance operation under the radar since 2016

Security Affairs

SEPTEMBER 9, 2018

. “Through the use of mobile applications, those behind the attack use fake decoy content to entice their victims to download such applications, which are in fact loaded with spyware, to then collect sensitive information about them.” ” reads the analysis published by CheckPoint. Pierluigi Paganini.

Surveillance

Surveillance Mobile Advertising Spyware

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Security Affairs

DECEMBER 12, 2024

These documents suggest the existence of an iOS conversion of the spyware that has yet to be uncovered. a Chinese tech company founded in 2016 with fewer than 50 employees. The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from open directories on attacker infrastructure.

Surveillance

Surveillance Mobile Spyware Malware

Unique Monokle Android Spyware Self-Signs Certificates

Threatpost

JULY 24, 2019

Researchers have linked the surveillance tool to a Russian tech firm that has been sanctioned for interfering with the 2016 U.S. presidential election.

Spyware

Spyware Surveillance Technology Mobile

BusyGasper spyware remained undetected for two years while spying Russians

Security Affairs

AUGUST 30, 2018

The BusyGasper Android spyware has been active since May 2016, it implements unusual features for this type of malware. We found no similarities to commercial spyware products or to other known spyware variants, which suggests BusyGasper is self-developed and used by a single threat actor.” Pierluigi Paganini.

Spyware

Spyware Malware Advertising Banking

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

The list also includes criminals, suspected terrorists, intelligence operatives and a European spyware firm. In June 2016, security researcher Chris Vickery found a copy of the World-Check database dated 2014 that was accidentally exposed online.

Risk

Risk Spyware Hacking Accountability

A new sophisticated version of the AZORult Spyware appeared in the wild

Security Affairs

JULY 30, 2018

A new sophisticated version of the AZORult Spyware was spotted in the wild, it was involved in a large email campaign on July 18. Malware researchers at Proofpoint spotted a new version of the AZORult Spyware in the wild, it was involved in a large email campaign on July 18, just 24 hours it appeared in cybercrime forums on the Dark Web.

Spyware

Spyware Cryptocurrency Passwords Malware

Exodus, a government malware that infected innocent victims

Security Affairs

MARCH 30, 2019

Security researchers have found a new government spyware, tracked as Exodus, that was distributed through the Google Play Store. The researchers argue that the surveillance operation might have targeted also innocent victims because the spyware was poorly developed, a circumstance that is confirmed makes the software illegal.

Government

Government Malware Spyware Surveillance

Snowden speaks about the role of surveillance firm NSO Group in Khashoggi murder

Security Affairs

NOVEMBER 9, 2018

In July, Citizen Lab collected evidence of attacks against 175 targets worldwide carried on with the NSO spyware. YEAR(S) IN WHICH SPYWARE INFECTION WAS ATTEMPTED. In August, an Amnesty International report confirmed that its experts identified a second human rights activist, in Saudi Arabia, who was targeted with the powerful spyware.

Surveillance

Surveillance Spyware Software Advertising

Spyware in the IoT – the Biggest Privacy Threat This Year

SiteLock

AUGUST 27, 2021

This is exactly what happened on October 12, 2016, when the Mirai botnet used an army of IoT devices — like security cameras, digital video recorders (DVRs) and routers — to execute a massive distributed denial of service (DDoS) attack which left much of the internet inaccessible. The first IoT casualties?

IoT

IoT Spyware VPN Passwords

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream. QuaDream was founded in 2016 by Ilan Dabelstein, a former Israeli military official, and by two former NSO employees, Guy Geva and Nimrod Reznik.

Surveillance

Surveillance Spyware Government Hacking

Experts spotted the iOS version of the Exodus surveillance app

Security Affairs

APRIL 9, 2019

In the last weeks, a new Android surveillance malware dubbed Exodus made the headlines, now expert found the iOS version of the government spyware. on Feb 28, 2016.” Security experts at LookOut have discovered an iOS version of the dreaded surveillance Android app Exodus that was initially found on the official Google Play Store.

Surveillance

Surveillance Spyware Phishing Malware

North Korea-Linked APT Group Kimsuky spotted using new malware

Security Affairs

NOVEMBER 2, 2020

Researchers at Cybereason’s Nocturnus team published a new report that includes details on two new pieces of malware associated with the North-Korea linked APT, modular spyware called KGH_SPY and a downloader called CSPY Downloader. ” reads the report published by Cybereason.

Malware

Malware Advertising Spyware Government

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

APRIL 28, 2020

“We found dozens of related samples that had been appearing in the wild since 2016 and had been deployed in various application marketplaces including Google Play.” The PhantomLance malware implements classic spyware functionalities, it could exfiltrate user data, phone call logs, SMS messages, contacts, and GPS data.

Malware

Malware Advertising Marketing Hacking

New FurBall Android Malware Used to Spy on Iranian Citizens

SecureWorld News

OCTOBER 21, 2022

Domestic Kitten, also known as the APT-C-50 group, has been spying on Iranian citizens since 2016 with various campaigns targeting anti-government protestors throughout the Middle East. Researchers believe the purpose of this could be to set up a larger spearphishing attack conducted via text messages.

Malware

Malware Spyware Government Surveillance

Amnesty International employee targeted with NSO group surveillance malware

Security Affairs

AUGUST 1, 2018

. “In June 2018, an Amnesty International staff member received a malicious WhatsApp message with Saudi Arabia-related bait content and carrying links Amnesty International believes are used to distribute and deploy sophisticated mobile spyware. Year(s) in which spyware infection was attempted. Country Nexus. 2012-2014.

Surveillance

Surveillance Malware Spyware Mobile

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Security Affairs

MARCH 13, 2019

FruityArmor is a cyber-espionage group that was first observed in 2016 while targeting activists, researchers, and individuals related to government organizations in Thailand, Iran, Algeria, Yemen, Saudi Arabia, and Sweden. Experts believe FruityArmor´s activity has been slowly increasing during the last two years, the group.

Advertising

Advertising Spyware Hacking Government

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs

AUGUST 21, 2022

The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. In the past, the Donot Team spyware was found in attacks outside of South Asia.

Malware

Malware Spyware Phishing Government

Security Affairs newsletter Round 353

Security Affairs

FEBRUARY 13, 2022

US seizes $3.6 to replace Chinese equipment Hackers breached a server of National Games of China days before the event Russian Gamaredon APT is targeting Ukraine since October Israeli surveillance firm QuaDream emerges from the dark Argo CD flaw could allow stealing sensitive data from Kubernetes Apps.

Spyware

Spyware Ransomware Surveillance Hacking

Threat Actors Spread Agent Tesla Disguised as COVID-19 Vaccination Registration

Hot for Security

JUNE 18, 2021

According to a joint CISA and FBI advisory , CVE-2017-11882 was among the most exploited software vulnerabilities between 2016 and 2019. So it seems that bad actors are still hunting for outdated and unpatched software that can easily be compromised. Indicators of compromise.

Phishing

Phishing Malware Spyware Software

STOP ransomware encrypts files and steals victim’s data

Security Affairs

MARCH 11, 2019

AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan. In July, the experts discovered a new sophisticated version of the AZORult Spyware that was involved in a large email campaign on July 18.

Encryption

Encryption Ransomware Cryptocurrency Passwords

Mobile Phones of Politicians, Journalists, and members of Royal Families were targeted by Israeli Malware

CyberSecurity Insiders

JULY 18, 2021

Some news outlets like Le Monde and the Washington Post have also added in their news posts that so far over 50,000 phone numbers are believed to have been targeted by the hackers since 2016 and that includes the contact number of Hanan Eltar, the widow of Saudi Born Journalists Jamal Khashoggi who was killed in 2018 for reasons.

Mobile

Mobile Malware Spyware Surveillance

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

We attribute the campaign, named SnatchCrypto, to the BlueNoroff APT group, the threat actor behind the 2016 attack on Bangladesh’s central bank. One of the things you can do to protect yourself from advanced mobile spyware is to reboot your device on a daily basis. Other malware. Noreboot: faking an iPhone restart.

Phishing

Phishing Spyware Firmware Malware

The new Azorult 3.3 is available in the cybercrime underground market

Security Affairs

OCTOBER 23, 2018

AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan. In July, the experts discovered a new sophisticated version of the AZORult Spyware that was involved in a large email campaign on July 18.

Marketing

Marketing Cybercrime Cryptocurrency Advertising

The ‘Gazorp’ Azorult Builder emerged from the Dark Web

Security Affairs

OCTOBER 2, 2018

Azorult has been around since at least 2016, malware researchers at Proofpoint spotted a new version of the AZORult Spyware in the wild, it was involved in a large email campaign on July 18, just 24 hours it appeared in cybercrime forums on the Dark Web. in live attacks. and 3.2).

Malware

Malware Advertising Spyware Passwords

Security Affairs newsletter Round 214 – News of the week

Security Affairs

MAY 19, 2019

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware. Chinese state-sponsored hackers breached TeamViewer in 2016. Thrangrycat flaw could allow compromising millions of Cisco devices. Unprotected DB exposed PII belonging to nearly 90% of Panama citizens. The stealthy email stealer in the TA505 hacker groups arsenal.

Advertising

Advertising Spyware Data breaches Hacking

Security Affairs newsletter Round 222 – News of the week

Security Affairs

JULY 13, 2019

Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016. New FinFisher spyware used to spy on iOS and Android users in 20 countries. A new Astaroth Trojan Campaign uncovered by Microsoft. Flaw in Zoom video conferencing software lets sites take over webcam on Mac. Maryland Department of Labor discloses a data breach.

Data breaches

Data breaches Spyware Advertising Government

Apex Legends for Android: a Fake App could Compromise your Smartphone

Security Affairs

MARCH 12, 2019

net” there is a well-known malicious site, active since 2016, and related to a huge phishing network, in which also some URLs related to fake MS Office pages are present. Despite its dimensions, this is the only apk that shows a spyware behavior. Figure 5: phishing web page provided by URL cited above. Behind the URL “www.areyouabot[.]net”

Spyware

Spyware Malware Mobile Phishing

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

In 2016, researchers from non-profit organization CitizenLab published a report that describes a campaign of targeted spyware attacks carried by the Stealth Falcon. Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns.

Malware

Malware Advertising System Administration Spyware

Experts detailed new StrongPity cyberespionage campaigns

Security Affairs

JULY 18, 2019

The activity of the group was initially uncovered in 2016 when experts at Kaspersky observed the cyberespionage group targeting users in Europe, in the Middle East, and in Northern Africa. The group set up malicious sites mimicking legitimate ones to carry out watering holes to deliver tainted installers and malware.

Malware

Malware Software Advertising Spyware

CSE Malware ZLab – Chinese APT27 ’s long-term espionage campaign in Syria is still ongoing

Security Affairs

JULY 23, 2018

Security researchers from CSE Cybsec Z-Lab analyzed the content of the folder and discovered an Android spyware that was developed to exfiltrate sensitive information from victims’ devices. The homepage shows how the application works and includes some slides about it.

Malware

Malware Advertising Spyware Mobile

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Pegasus Project – how governments use Pegasus spyware against journalists

Trending Sources

Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs

Apple Patches Vulnerabilities in iOS Exploited by Spyware

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

Earth Empusa targets minority group with Android ActionSpy spyware

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Courts Hand Down Hard Jail Time for DDoS

Mandrake, a high sophisticated Android spyware used in targeted attacks

Orcus RAT Author Charged in Malware Scheme

Bitdefender spotted Triout, a new powerful Android Spyware Framework

Amnesty claims that 2 Morocco rights advocates were targeted by NSO Group spyware

Swedish Government grants police the use of spyware against violent crime suspects

Domestic Kitten – An Iranian surveillance operation under the radar since 2016

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Unique Monokle Android Spyware Self-Signs Certificates

BusyGasper spyware remained undetected for two years while spying Russians

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

A new sophisticated version of the AZORult Spyware appeared in the wild

Exodus, a government malware that infected innocent victims

Snowden speaks about the role of surveillance firm NSO Group in Khashoggi murder

Spyware in the IoT – the Biggest Privacy Threat This Year

Israeli surveillance firm QuaDream emerges from the dark

Experts spotted the iOS version of the Exodus surveillance app

North Korea-Linked APT Group Kimsuky spotted using new malware

PhantomLance, a four-year-long cyberespionage spying campaign

New FurBall Android Malware Used to Spy on Iranian Citizens

Amnesty International employee targeted with NSO group surveillance malware

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs newsletter Round 353

Threat Actors Spread Agent Tesla Disguised as COVID-19 Vaccination Registration

STOP ransomware encrypts files and steals victim’s data

Mobile Phones of Politicians, Journalists, and members of Royal Families were targeted by Israeli Malware

IT threat evolution Q1 2022

The new Azorult 3.3 is available in the cybercrime underground market

The ‘Gazorp’ Azorult Builder emerged from the Dark Web

Security Affairs newsletter Round 214 – News of the week

Security Affairs newsletter Round 222 – News of the week

Apex Legends for Android: a Fake App could Compromise your Smartphone

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Experts detailed new StrongPity cyberespionage campaigns

CSE Malware ZLab – Chinese APT27 ’s long-term espionage campaign in Syria is still ongoing

Stay Connected