Accountability, Hacking and Spyware - Cyber Security Informer

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). In 2024, its U.S.

Spyware

Spyware Hacking Surveillance Malware

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware. court over exploiting a vulnerability to deliver Pegasus spyware. In March 2024, Meta won the litigation against the Israeli spyware vendor, a U.S. This ruling is a huge win for privacy.

Spyware

Spyware Surveillance Software Hacking

Stalkerware Vendor Hacked

Schneier on Security

JUNE 28, 2023

The stalkerware company LetMeSpy has been hacked : TechCrunch reviewed the leaked data, which included years of victims’ call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy.

Hacking

Hacking Spyware Accountability Data breaches

WhatsApp says Paragon is spying on specific users

Malwarebytes

FEBRUARY 3, 2025

WhatsApp has accused the professional spyware company Paragon of spying on a select group of users. WhatsApp, the Meta-owned, end-to-end encrypted messaging platform, said it has reliable information that nearly 100 journalists and other members of civil society were targets of a spyware campaign conducted by the Israeli spyware company.

Spyware

Spyware Accountability Encryption Government

Technical Report of the Bezos Phone Hack

Schneier on Security

JANUARY 24, 2020

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman.investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it.

Hacking

Hacking Backups Spyware Encryption

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

“All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time. In May 2015, KrebsOnSecurity broke the news that mSpy had been hacked and its customer data posted to the Dark Web. mSpy pledged to redouble its security efforts in the wake of the 2015 breach.

Spyware

Spyware Mobile Advertising Software

Malware in Google Apps

Schneier on Security

MAY 5, 2020

At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India.

Malware

Malware Spyware Phishing Government

NSO Group spyware used to compromise iPhones of 9 US State Dept officials

Security Affairs

DECEMBER 3, 2021

Apple warns that the mobile devices of at least nine US Department of State employees were compromised with NSO Group ‘s Pegasus spyware. The iPhones of at least nine US state department officials were compromised with the NSO Group’s spyware Pegasus. “Apple Inc iPhones of at least nine U.S. .

Spyware

Spyware Surveillance Hacking Software

Sextortion campaign uses Goontact spyware to target Android and iOS users

Security Affairs

DECEMBER 16, 2020

Security researchers from Lookout have discovered new spyware, dubbed Goontcat, that could target both Android and iOS users. Goontact implement common spyware features, including the ability to gather data from the infected devices and gather system info. The spyware is likely used as part of a sextortion campaign.

Spyware

Spyware Mobile Surveillance Malware

NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware

Security Affairs

OCTOBER 25, 2021

Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018 to June 2021. The iPhone of New York Times journalist Ben Hubbard was repeatedly infected with NSO Group’s Pegasus spyware. The device was compromised two times, in July 2020 and June 2021.

Spyware

Spyware Hacking Backups Accountability

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Spyware

Spyware Government Surveillance Media

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

Security Affairs

SEPTEMBER 7, 2023

Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at Citizen Lab reported that the actively exploited zero-day flaws (CVE-2023-41064 and CVE-2023-41061) fixed by Apple are being used to infect devices with NSO Group ’s Pegasus spyware.

Spyware

Spyware Accountability Hacking Mobile

Pegasus spyware found on UK government office phone

Malwarebytes

APRIL 21, 2022

” John Scott-Railton recalled after finding out on July 7, 2020 that Pegasus, the highly sophisticated flagship spyware of Israel’s NSO Group, was used to infect a phone linked to the network at 10 Downing Street, the UK Prime Minister’s home and office. “When we found the No. 10 case, my jaw dropped.” Hello, Maestro?

Spyware

Spyware Government Hacking Surveillance

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Security Affairs

NOVEMBER 3, 2023

Kaspersky researchers are warning of multiple WhatsApp mods that embed a spyware module dubbed CanesSpy. Kaspersky researchers discovered multiple WhatsApp mods that embed a spyware module dubbed CanesSpy. mods are modifications or alterations made to an application, often by third-party developers or users.

Spyware

Spyware Malware Mobile Advertising

Experts warn of anomalous spyware campaigns targeting industrial firms

Security Affairs

JANUARY 21, 2022

Researchers spotted several spyware campaigns targeting industrial enterprises to steal credentials and conduct financial fraud. Researchers from Kaspersky Lab have uncovered multiple spyware campaigns that target industrial firms to steal email account credentials and carry out fraudulent activities.

Spyware

Spyware Accountability Social Engineering Phishing

Chinese GREF APT distributes spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores

Security Affairs

AUGUST 30, 2023

FlyGram can be used to extract basic device information, and sensitive data, such as contact lists, call logs, and the list of Google Accounts. The following video shows how the attacker associates the compromised device to the attacker’s Signal account without any user interaction. org) and a Telegram alternative app (flygram[.]org).”

Spyware

Spyware Accountability Malware Hacking

XCSSET Mac spyware spreads via Xcode Projects

Security Affairs

AUGUST 15, 2020

Infected users are also vulnerable to having their credentials, accounts, and other vital data stolen.” SecurityAffairs – hacking, XCSSET). The post XCSSET Mac spyware spreads via Xcode Projects appeared first on Security Affairs. .” reads the analysis published by Trend Micro. Pierluigi Paganini.

Spyware

Spyware Malware Advertising Cryptocurrency

CISA Issues Alert to Secure iPhones Against Pegasus Spyware Zero-Days

SecureWorld News

SEPTEMBER 13, 2023

Alarming details have emerged about the exploitation of two Zero-Day vulnerabilities to deploy NSO Group's Pegasus commercial spyware on iPhones. The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim." In response to this threat, the U.S.

Spyware

Spyware Government Cybersecurity Backups

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Security Affairs

NOVEMBER 24, 2021

federal court for illegally targeting its customers with the surveillance spyware Pegasus. According to the lawsuit, NSO Group is accountable for hacking into Apple’s iOS-based devices using zero-click exploits. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware.

Spyware

Spyware Surveillance Software Hacking

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

OCTOBER 11, 2021

A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs. Experts believe the attackers used a spyware developed by an Indian company called Innefu Labs. In the past, the Donot Team spyware was found in attacks outside of South Asia. Pierluigi Paganini.

Spyware

Spyware Surveillance Accountability Mobile

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking

Hacking Government Marketing Spyware

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

eSecurity Planet

JULY 21, 2021

Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives is becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal. The impact of the burgeoning scandal continues to ripple.

Spyware

Spyware Mobile Government Surveillance

Spyware app LetMeSpy hacked, tracked user data posted online

Malwarebytes

JUNE 29, 2023

Stalkerware-type app LetMeSpy says it has been hacked, with the attacker taking user data with it. As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts. That's because LetMeSpy is often invisible to the phone's owner.

Spyware

Spyware Hacking Antivirus Passwords

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Security Affairs

APRIL 12, 2023

At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. and 14.4.2,

Spyware

Spyware Surveillance Malware Government

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

Security Affairs

APRIL 17, 2023

The Israeli surveillance firm QuaDream is allegedly shutting down its operations after Citizen Lab and Microsoft uncovered their spyware. Last week Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. and 14.4.2,

Surveillance

Surveillance Spyware Education Media

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group , citing the risk of “threat intelligence” information exposure. ” reads the court filing.

Surveillance

Surveillance Spyware Risk Hacking

Updated Android spyware GravityRAT steals WhatsApp Backups

Security Affairs

JUNE 16, 2023

An updated version of the Android remote access trojan GravityRAT can steal WhatsApp backup files and can delete files ESET researchers discovered an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can delete files. The malware is distributed as the messaging apps BingeChat and Chatico.

Backups

Backups Spyware Malware Accountability

Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’

Security Affairs

FEBRUARY 10, 2025

However, the circumstance that the Citizen Lab researchers discovered the attack suggests that the threat actor may have used a zero-day exploit to deliver commercial spyware in highly targeted attacks. Such kinds of attacks often rely on zero-day exploits to target journalists, dissidents, and opposition politicians with spyware.

Spyware

Spyware Media Hacking Accountability

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. The exploits were used to install commercial spyware and malicious apps on targets’ devices. The experts pointed out that both campaigns were limited and highly targeted.

Spyware

Spyware Surveillance Mobile Education

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. “Overlapping infrastructure and TTPs indicate these campaigns are connected to APT15, a Chinese-backed hacking group that’s also known as VIXEN PANDA and NICKEL. SecurityAffairs – hacking, Uyghurs).

Surveillance

Surveillance Spyware Malware Mobile

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Security Affairs

JULY 25, 2019

Researchers at Lookout discovered a new mobile spyware dubbed Monokle that was developed by a Russian defense contractor. Experts at Lookout discovered a new Android mobile spyware in the wild, dubbed Monokle, that was developed by a Russian defense contractor named Special Technology Centre Ltd. ( Pierluigi Paganini.

Spyware

Spyware Surveillance Mobile Advertising

Fake Signal and Telegram Apps in the Google Play Store

Schneier on Security

SEPTEMBER 14, 2023

The Trojan has been linked to a China-aligned hacking group tracked as GREF. Both apps were built on open source code available from Signal and Telegram. Interwoven into that code was an espionage tool tracked as BadBazaar. BadBazaar has been used previously to target Uyghurs and other Turkic ethnic minorities.

Malware

Malware Accountability Hacking Spyware

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

affiliate sideloads Cobalt Strike through Windows Defender Gootkit AaaS malware is still active and uses updated tactics Austria investigates DSIRF firm for allegedly developing Subzero spyware ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A. SecurityAffairs – hacking, newsletter).

Spyware

Spyware Manufacturing Small Business Surveillance

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 9, 2025

Here’s how data awareness can help HTTP Client Tools Exploitation for Account Takeover Attacks Dangerous hacker responsible for more than 40 cyberattacks on strategic organizations arrested Whos Behind the Seized Forums Cracked & Nulled?

Spyware

Spyware Cybercrime Scams Social Engineering

Account Takeover: What is it and How to Prevent It?

Identity IQ

MAY 7, 2021

What is Account Takeover? Account takeover, also known as ATO, is a form of identity theft in which a malicious third party gains access to or “takes over” an online account. One of the primary reasons behind this massive rise in account takeover is the relative ease with which it can be done. Account Takeover Prevention.

Accountability

Accountability Data breaches Passwords Social Engineering

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Security Affairs

APRIL 16, 2019

Scranos is a powerful cross-platform rootkit-enabled spyware discovered while investigating malware posing as legitimate software like video players, drivers and even anti-virus products. It can also steal cookies and login info from victims’ accounts on Facebook, YouTube, Amazon, and Airbnb. Pierluigi Paganini.

Spyware

Spyware Adware Malware Accountability

Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts

Threatpost

MARCH 21, 2022

The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it's actually spyware capable of stealing any and all information from victims' social-media accounts.

Accountability

Accountability Spyware Media Malware

Google updates policies to ban any ads for surveillance solutions and services

Security Affairs

JULY 12, 2020

. “In August 2020, the Google Ads Enabling Dishonest Behavior policy will be updated to clarify restrictions on advertising for spyware and surveillance technology.”reads Google will issue a warning for any violation of the policy before suspending the accounts that doesn’t respect the rules within 7 days.

Surveillance

Surveillance Spyware Advertising Marketing

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. The following image shows a landing page to trick Italian users into installing one of the following apps in order to recover their accounts. SecurityAffairs – hacking, RCS Labs).

Surveillance

Surveillance Mobile Spyware Telecommunications

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

Security Affairs

SEPTEMBER 11, 2023

CISA adds vulnerabilities in Apple devices exploited to install NSO Group’s Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerabilities chained in the zero-click iMessage exploit BLASTPASS to its Known Exploited Vulnerabilities Catalog.

Spyware

Spyware Accountability Hacking Risk

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

Security Affairs

NOVEMBER 2, 2022

Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religion minority, Bahá?í.

Spyware

Spyware Malware VPN Accountability

Courts Hand Down Hard Jail Time for DDoS

Krebs on Security

JANUARY 14, 2019

Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016. Daniel Kaye. Photo: National Crime Agency. Daniel Kaye , an Israel-U.K. Daniel Kaye , an Israel-U.K. to face charges there.

DDOS

DDOS Internet Internet Spyware

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. The list also includes criminals, suspected terrorists, intelligence operatives and a European spyware firm.

Risk

Risk Spyware Hacking Accountability

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 14, 2024

Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command injection on Windows Roku disclosed a new security breach impacting 576,000 accounts LastPass employee targeted via an audio deepfake call TA547 targets German organizations with Rhadamanthys malware CISA adds D-Link multiple (..)

Data breaches

Data breaches Social Engineering Malware Hacking

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Trending Sources

Stalkerware Vendor Hacked

WhatsApp says Paragon is spying on specific users

Technical Report of the Bezos Phone Hack

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Malware in Google Apps

NSO Group spyware used to compromise iPhones of 9 US State Dept officials

Sextortion campaign uses Goontact spyware to target Android and iOS users

NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware

Pegasus Project – how governments use Pegasus spyware against journalists

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

Pegasus spyware found on UK government office phone

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Experts warn of anomalous spyware campaigns targeting industrial firms

Chinese GREF APT distributes spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores

XCSSET Mac spyware spreads via Xcode Projects

CISA Issues Alert to Secure iPhones Against Pegasus Spyware Zero-Days

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Donot Team targets a Togo prominent activist with Indian-made spyware

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

Spyware app LetMeSpy hacked, tracked user data posted online

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Updated Android spyware GravityRAT steals WhatsApp Backups

Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Fake Signal and Telegram Apps in the Google Play Store

Security Affairs newsletter Round 377

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

Account Takeover: What is it and How to Prevent It?

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts

Google updates policies to ban any ads for surveillance solutions and services

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

Courts Hand Down Hard Jail Time for DDoS

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected