2019, Information Security and Spyware - Cyber Security Informer

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware. court over exploiting a vulnerability to deliver Pegasus spyware. In March 2024, Meta won the litigation against the Israeli spyware vendor, a U.S.

Spyware

Spyware Surveillance Software Hacking

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. The former head of Poland’s internal security service was arrested Monday and brought before parliament to testify about prior government use of spyware against hundreds of individuals.

Spyware

Spyware Government Surveillance Hacking

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). In 2024, its U.S.

Spyware

Spyware Hacking Surveillance Malware

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Meta won the litigation against the Israeli spyware vendor NSO Group , a U.S. from April 29, 2018, to May 10, 2020). from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Software Architecture

WhatsApp flaw CVE-2019-11931 could be exploited to install spyware

Security Affairs

NOVEMBER 16, 2019

The popular messaging platform WhatsApp made the headlines again, a new bug could be exploited by hackers to secretly install spyware. According to the website The Hacker News, WhatsApp has recently fixed a critical vulnerability, tracked as CVE-2019-11931, that could have allowed attackers to remotely compromise targeted devices.

Spyware

Spyware Advertising Mobile Information Security

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

JUNE 22, 2020

Researchers at Amnesty International collected evidence that a Moroccan journalist was targeted with network injection attacks using NSO Group ‘s spyware. ” The analysis of Omar Radi’s iPhone suggests network injection attacks took place on 27 th January, 11 th February, and 13 th of September 2019. .”

Spyware

Spyware Surveillance Mobile Advertising

Facebook vs NSO Group lawsuit: 1,400+ users were targeted with Pegasus spyware

Security Affairs

APRIL 25, 2020

Facebook advocates have challenged a plea from spyware maker NSO Group to dismiss the legal dispute over the hacking accusations, arguing it has immunity from prosecution. Now both companies are providing technical details requested by the cyber-security experts. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware

Spyware Surveillance Advertising Mobile

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Security Affairs

MAY 14, 2019

Facebook fixed a critical zero-day flaw in WhatsApp that has been exploited to remotely install spyware on phones by calling the targeted device. Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device.

Spyware

Spyware Surveillance Mobile Advertising

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Security Affairs

APRIL 19, 2022

Researchers from Citizen Lab have published a report detailing the use of a new zero-click iMessage exploit, dubbed HOMAGE, to install the NSO Group Pegasus spyware on iPhones belonging to Catalan politicians, journalists, academics, and activists. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

Spyware

Spyware Surveillance Government Software

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

The phone of an opposition-linked Polish mayor was infected with the powerful Pegasus spyware, local media reported. Reuters reported that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware. According to rumors, the Polish special services are using surveillance software to spy on government opponents.

Spyware

Spyware Surveillance Hacking Government

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

OCTOBER 11, 2021

A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs. Experts believe the attackers used a spyware developed by an Indian company called Innefu Labs. In the past, the Donot Team spyware was found in attacks outside of South Asia. Pierluigi Paganini.

Spyware

Spyware Surveillance Accountability Mobile

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Spyware

Spyware Surveillance Telecommunications Mobile

Researchers analyzed the PREDATOR spyware and its loader Alien

Security Affairs

MAY 29, 2023

Cisco Talos and the Citizen Lab researchers have published a technical analysis of the powerful Android spyware Predator. Security researchers at Cisco Talos and the Citizen Lab have shared technical details about a commercial Android spyware named Predator that is sold by the surveillance firm Intellexa (formerly known as Cytrox).

Spyware

Spyware Surveillance Media Malware

New FinFisher spyware used to spy on iOS and Android users in 20 countries

Security Affairs

JULY 11, 2019

Malware researchers from Kaspersky have discovered new and improved versions of the infamous FinFisher spyware used to infect both Android and iOS devices. Experts at Kaspersky have discovered a new improved variant of the FinFisher spyware used to spy on both iOS and Android users in 20 countries. Pierluigi Paganini.

Spyware

Spyware Advertising Mobile Architecture

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. List of installed packages. ” concludes the report. Pierluigi Paganini.

Surveillance

Surveillance Spyware Malware Mobile

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Experts from Amnesty International uncovered a surveillance campaign that targeted Egyptian civil society organizations with a new version of FinSpy spyware. The binaries are obfuscated and do some checks to detect if the spyware is running in a Virtual Machine. ” reads the Amnesty’s report.

Spyware

Spyware Surveillance Advertising Mobile

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. CVE-2019-8605 internally referred to as SockPort2 and publicly known as SockPuppet CVE-2020-3837 internally referred to and publicly known as TimeWaste. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

Google revealed how watering hole attacks compromised iPhone devices earlier this year

Security Affairs

AUGUST 30, 2019

Threat actors used at least five unique iPhone exploit chains that allowed them to remotely jailbreak a device and deliver spyware. Project Zero Team Lead Ben Hawkes revealed that both CVE-2019-7286 and CVE-2019-7287 have been exploited in the wild. — Ben Hawkes (@benhawkes) February 7, 2019. on 7 Feb 2019.

Spyware

Spyware Hacking Advertising Encryption

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Security Affairs

APRIL 8, 2020

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. In May, Facebook has patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device.

Surveillance

Surveillance Spyware Advertising Government

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

The authorities started the investigation last year after the German blog Netzpolitik and some advocacy groups (Reporters Without Borders, Society for Freedom Rights, and the European Center for Constitutional and Human Rights), filed a complaint with Munich prosecutors in the summer of 2019.

Surveillance

Surveillance Spyware Advertising Software

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Every third email, meanwhile, contained spyware , which is used by threat actors to steal payment data or other sensitive info to then put it on sale in the darknet or blackmail its owner. Another 17 percent contained downloaders, while backdoors and banking Trojans came third with a 16- and 15-percent shares, respectively.

Phishing

Phishing Ransomware Spyware Banking

Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks

Security Affairs

MARCH 7, 2021

In the last years, security experts documented multiple hacking and disinformation campaigns, attributed to Russia-linked APT groups, that targeted Lithuania, Estonia , and Latvia. The head of cyber security Rimtautas Cerniauskas confirmed the discovery of at least three Russian spyware on government computers since 2015.

Cyber Attacks

Cyber Attacks Spyware Government Hacking

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. Kaspersky researchers revealed to have found MosaicRegressor components at several dozen entities between 2017 and 2019.

Firmware

Firmware Spyware Surveillance Hacking

Zero-day exploit used to hack iPhones of Al Jazeera employees

Security Affairs

DECEMBER 21, 2020

The attackers used an exploit chain named Kismet that was part of the arsenal of the controversial Pegasus spyware that is sold by the surveillance firm NSO Group. ” The KISMET exploit chain doesn’t work against iOS 14 and above because the new mobile iOS implements additional security protections.

Hacking

Hacking Surveillance Spyware Government

Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

Security Affairs

APRIL 9, 2020

Spyware turned out to be the most common malware class hiding in fraudulent COVID-19 emails, with AgentTesla topping the list of phishers’ favorite strains. Spyware: the most likely COVID-19 payload. Most COVID-19-related phishing emails analyzed had different spyware strains embedded as attachments. Source: CERT-GIB.

Phishing

Phishing Malware Spyware DDOS

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

One of the officials targeted with the infamous spyware there is Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019. ” Security researchers said that Apple sent the warnings to its users targeted between February and September 2021. ” concludes the report.

Surveillance

Surveillance Software Spyware Hacking

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

Security Affairs

OCTOBER 30, 2019

In May, Facebook has patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device. Today @WhatsApp is taking a stand against the dangerous use of spyware. link] — Will Cathcart (@wcathcart) October 29, 2019.

Surveillance

Surveillance Technology Spyware Mobile

GravityRAT malware also targets Android and macOS

Security Affairs

OCTOBER 19, 2020

Researchers spotted new variants of the Windows GravityRAT spyware that now can also infect Android and macOS devices. The malware researchers found the new Android GravityRAT sample in 2019, on VirusTotal. Crooks also started using digital signatures to make the apps look more legitimate.

Malware

Malware Computers and Electronics Spyware Advertising

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream. Apple addressed the flaw used by the ForcedEntry exploit in September 2021, rendering both NSO and QuaDream’s spyware ineffective.

Surveillance

Surveillance Spyware Government Hacking

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

Security Affairs

MAY 20, 2019

Amnesty International filed a lawsuit against Israeli surveillance firm NSO and fears its staff may be targeted by the company with its Pegasus spyware. In July, Citizen Lab collected evidence of attacks against 175 targets worldwide carried on with the NSO spyware.

Surveillance

Surveillance Spyware Software Government

Joker malware infected 538,000 Huawei Android devices

Security Affairs

APRIL 11, 2021

The fight to the Joker malware (aka Bread) begun in September 2019 when security experts at Google removed from the official Play Store 24 apps because they were infected with a new spyware tracked as “ the Joker. ”. Experts from antivirus firm Doctor Web discovered ten apps in AppGallery that were containing the malicious code.

Malware

Malware Spyware Mobile Antivirus

New enhanced Joker Malware samples appear in the threat landscape

Security Affairs

JULY 16, 2021

The spyware is able to steal SMS messages, contact lists, and device information and to sign victims up for premium service subscriptions. Since 2019 experts found many Joker apps on Google Play store, in September 2019 security experts at Google removed from the store 24 apps.

Malware

Malware Mobile Spyware Encryption

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

In 2019 we discussed several times about the abuse of surveillance software, in October WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists. “There is no consensus among member states on the need or value of drafting a new treaty.

Cybercrime

Cybercrime Surveillance Spyware Government

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

APRIL 28, 2020

In 2019, researchers from Dr. Web discovered a backdoor trojan in Google Play, which appeared different from other threats due to its level of sophistication for this reason Kaspersky investigated it. . “One of the latest samples was published on the official Android market on November 6, 2019.

Malware

Malware Advertising Marketing Hacking

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

In 2016, researchers from the non-profit organization CitizenLab published a report that describes a campaign of targeted spyware attacks carried out by the Stealth Falcon. The attacks have been conducted from 2012 until 2106, against Emirati journalists, activists, and dissidents.

Malware

Malware Spyware Architecture Encryption

Security Affairs newsletter Round 301

Security Affairs

FEBRUARY 14, 2021

COMB breach: 3.2B COMB breach: 3.2B

Phishing

Phishing Spyware Data breaches Surveillance

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

Security researchers at ESET recently uncovered a campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Advertising Spyware Software

Phishers turning hard-working: CERT-GIB records upsurge of phishing resource blockages as duration of attacks grows

Security Affairs

MAY 8, 2020

Group-IB, a Singapore-based cybersecurity company, observed the growth of the lifespan of phishing attacks in the second half of 2019. H2 2019 has proved the tendency of past several years: mail remains the main method of delivering ransomware, spyware, backdoors and other malware, being used by cyber crooks in 94 percent of cases.

Phishing

Phishing Spyware Banking Malware

New Android BlackRock malware targets hundreds of apps

Security Affairs

JULY 16, 2020

The source code of the Xerxes malware was leaked online around May 2019. The BlackRock malware borrows the code from the Xerxes banking malware, which is a strain of the popular LokiBot Android trojan. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Banking Mobile Advertising

Security Affairs newsletter Round 223 – News of the week

Security Affairs

JULY 21, 2019

SAP Patch Day – July 2019 addresses a critical flaw in Diagnostics Agent. CVE-2019-6342 flaw allows hackers to fully compromise Drupal 8.7.4 Experts spotted a rare Linux Desktop spyware dubbed EvilGnome. Paper Copy. Once again thank you! For nearly a year, Brazilian users have been targeted with router attacks.

Small Business

Small Business Media Spyware Advertising

Operation Triangulation attacks relied on an undocumented hardware feature

Security Affairs

DECEMBER 28, 2023

According to Kaspersky researchers, Operation Triangulation began at least in 2019 and is still ongoing. In June, Kaspersky announced that after a six-month-long investigation, they completed the collection of all the components of the attack chain and the analysis of the spyware implant, tracked as TriangleDB.

Spyware

Spyware Firmware Mobile Malware

Analyzing the TriangleDB implant used in Operation Triangulation

Security Affairs

JUNE 22, 2023

Kaspersky researchers dug into Operation Triangulation and discovered more details about the exploit chain employed to deliver the spyware to iOS devices. According to Kaspersky researchers, Operation Triangulation began at least in 2019 and is still ongoing. The message has an attachment containing an exploit.

Spyware

Spyware Malware Mobile Encryption

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 8, 2023

The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report. Mandiant researchers first observed this affiliate targeting Veritas issues in the wild on October 22, 2022.

Backups

Backups Spyware Ransomware Education

Security Affairs newsletter Round 222 – News of the week

Security Affairs

JULY 13, 2019

Adobe Patch Tuesday updates for July 2019 address only 5 minor flaws. Microsoft released Patch Tuesday security updates for July 2019. New FinFisher spyware used to spy on iOS and Android users in 20 countries. CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack.

Data breaches

Data breaches Spyware Advertising Government

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Poland probes Pegasus spyware abuse under the PiS government

Trending Sources

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

WhatsApp flaw CVE-2019-11931 could be exploited to install spyware

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Facebook vs NSO Group lawsuit: 1,400+ users were targeted with Pegasus spyware

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks

Pegasus spyware used to spy on a Polish mayor

Donot Team targets a Togo prominent activist with Indian-made spyware

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Researchers analyzed the PREDATOR spyware and its loader Alien

New FinFisher spyware used to spy on iOS and Android users in 20 countries

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Unknown FinSpy Mac and Linux versions found in Egypt

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Google revealed how watering hole attacks compromised iPhone devices earlier this year

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

German authorities raid the offices of the FinFisher surveillance firm

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks

Second-ever UEFI rootkit used in North Korea-themed attacks

Zero-day exploit used to hack iPhones of Al Jazeera employees

Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

EU officials were targeted with Israeli surveillance software

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

GravityRAT malware also targets Android and macOS

Israeli surveillance firm QuaDream emerges from the dark

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

Joker malware infected 538,000 Huawei Android devices

New enhanced Joker Malware samples appear in the threat landscape

UN approves Russia-Cina sponsored resolution on new cybercrime convention

PhantomLance, a four-year-long cyberespionage spying campaign

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs newsletter Round 301

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Phishers turning hard-working: CERT-GIB records upsurge of phishing resource blockages as duration of attacks grows

New Android BlackRock malware targets hundreds of apps

Security Affairs newsletter Round 223 – News of the week

Operation Triangulation attacks relied on an undocumented hardware feature

Analyzing the TriangleDB implant used in Operation Triangulation

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 222 – News of the week

Stay Connected