Information Security, Malware and Surveillance

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Security Affairs

DECEMBER 12, 2024

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout. Researchers at the Lookout Threat Lab discovered a surveillance tool, dubbed EagleMsgSpy, used by Chinese law enforcement to spy on mobile devices. ” reads the report published by Lookout.

Surveillance

Surveillance Mobile Spyware Malware

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. Then he requested help from Amnesty Internationals Security Lab fearing to be the target of surveillance software like other journalists in Serbia. Development traces back to at least 2018.

Spyware

Spyware Surveillance Technology Mobile

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. NSOs witnesses have refused to answer whether it developed further WhatsApp-based Malware Vectors thereafter.

Spyware

Spyware Surveillance Software Hacking

US NCSC and DoS share best practices against surveillance tools

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Malware

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). reads the court document.

Spyware

Spyware Hacking Surveillance Malware

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Google updates policies to ban any ads for surveillance solutions and services

Security Affairs

JULY 12, 2020

Google announced that starting from August it will update its policies to reject ads proposed by organizations offering surveillance software. The move aims at fighting the advertising of any form of surveillance. The tech giant announced that the update will be effective starting from August 11, 2020. Pierluigi Paganini.

Surveillance

Surveillance Spyware Advertising Marketing

White hat hackers gained access more than 150,000 surveillance cameras

Security Affairs

MARCH 10, 2021

A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies like Tesla and Equinox. A group of US hackers claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations.

Surveillance

Surveillance Hacking Banking Firmware

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies. Pierluigi Paganini.

Surveillance

Surveillance Spyware Mobile Hacking

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). continues the report.

Surveillance

Surveillance Malware Spyware Accountability

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Earlier this month, German authorities have raided the offices of FinFisher, the German surveillance software firm, accused of providing its software to oppressive regimes. The post German authorities raid the offices of the FinFisher surveillance firm appeared first on Security Affairs. Pierluigi Paganini.

Surveillance

Surveillance Spyware Advertising Software

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The group targets entities in Europe and Central America with a surveillance tool dubbed Subzero. SecurityAffairs – hacking, Subzero malware). ” concludes Microsoft. Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication Accountability

Is the Belarusian government behind the surveillance Android app banned by Google?

Security Affairs

SEPTEMBER 3, 2020

According to an anonymous Belarusian security researcher the app was designed for surveillance purposes, it collects info on the device owner and geolocation data, then periodically sends the data back to a remote server. The post Is the Belarusian government behind the surveillance Android app banned by Google?

Surveillance

Surveillance Government Advertising Malware

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

According to rumors, the Polish special services are using surveillance software to spy on government opponents. In June 2022, the controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least five countries in the region.

Spyware

Spyware Government Surveillance Hacking

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Security Affairs

FEBRUARY 8, 2021

Iran-linked APT group Domestic Kitten, also tracked as APT-C-50, has been conducting widespread surveillance targeting over 1,000 individuals. Both groups have conducted long-running cyber-attacks and intrusive surveillance campaigns, which target both individuals’ mobile devices and personal computers.”

Surveillance

Surveillance Mobile Malware Cyber Attacks

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

. — Operation Zero (@opzero_en) March 20, 2025 A zero-day broker like Operation Zero might be willing to pay millions for Telegram exploits for several reasons, including: Government and Intelligence Demand Telegram is widely used for secure communication, including by journalists, activists, dissidents, and political figures.

Government

Government Surveillance Mobile Hacking

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Security Affairs

MARCH 13, 2025

North Korea-linked threat actor ScarCruft (aka APT37 , Reaper, and Group123) is behind a previously undetected Android surveillance tool namedKoSpythat was used to target Korean and English-speaking users. The researchers state that the threat is a relatively new malware family with early samples going back to March 2022.

Spyware

Spyware Surveillance Encryption Malware

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream.

Surveillance

Surveillance Spyware Government Hacking

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Spyware

Spyware Surveillance Telecommunications Mobile

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Security Affairs

APRIL 12, 2023

At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. ” concludes Citizen Lab.

Spyware

Spyware Surveillance Malware Government

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

The IT giant fears that the disclosures of its threat intelligence related to commercial spyware operations could aid NSO and other surveillance firms. “Apple’s teams work tirelessly to protect the critical threat-intelligence information that Apple uses to protect its users worldwide. ” reads the court filing.

Surveillance

Surveillance Spyware Risk Hacking

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. Bazar is a lesser known spelling of Bazaar.” List of installed packages.

Surveillance

Surveillance Spyware Malware Mobile

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. Pierluigi Paganini.

Malware

Malware Surveillance Phishing Government

UAE government denies using ToTok for mass surveillance

Security Affairs

DECEMBER 30, 2019

The United Arab Emirates denied reports that the popular mobile app ToTok was used as part of a government massive surveillance program. According to a report recently published by the New York Times , the popular app ToTok was used by the UAE government as a surveillance tool. SecurityAffairs – ToTok, surveillance).

Surveillance

Surveillance Government Telecommunications Advertising

Apple fixed the first actively exploited zero-day of 2025

Security Affairs

JANUARY 27, 2025

Usually, such kinds of vulnerabilities are exploited by nation-state actors or commercial surveillance spyware vendors in targeted attacks. Customers are recommended to install the security updates released by the company. As usual, the company did not share details regarding the attacks exploiting the flaw.

Spyware

Spyware Surveillance Media Hacking

EU officials were targeted with Israeli surveillance software

Security Affairs

APRIL 13, 2022

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. The report did not attribute the attacks to a specific threat actor or did not reveal what information was obtained following the compromise of the victims’ devices. .”

Surveillance

Surveillance Software Spyware Hacking

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Security Affairs

FEBRUARY 26, 2025

The malware also grants attackers access to the devices system, enabling them to retrieve user KeyChain data, device lists, and execute shell commands, potentially gaining full control over the device. . Additionally, the list references “Enigma,” which may correspond to the secure messaging platform of the same name.”

Data collection

Data collection Spyware Media Surveillance

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

Security Affairs

APRIL 17, 2023

The Israeli surveillance firm QuaDream is allegedly shutting down its operations after Citizen Lab and Microsoft uncovered their spyware. Last week Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. and 14.4.2,

Surveillance

Surveillance Spyware Education Media

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages.

Malware

Malware Phishing Surveillance Internet

Russian National pleads guilty to conspiracy to plant malware on Tesla systems

Security Affairs

MARCH 19, 2021

The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. Justice Department announced on Thursday that the Russian national Egor Igorevich Kriuchkov (27), who attempted to convince a Tesla employee to install malware on the company’s computers, has pleaded guilty.

Malware

Malware Surveillance Hacking Technology

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Security Affairs

MARCH 29, 2025

“This report explores the features of Crocodilus, its links to known threat actors, and how it lures victims into helping the malware steal their own credentials.” ” The new threat mimics modern banking malware, using overlay attacks, keylogging, and remote access. ” ThreatFabric concludes.

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

Security Affairs

DECEMBER 12, 2024

Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. These are the first known mobile malware families linked to the Russian APT. These findings tie the mobile surveillance families to Gamaredons desktop campaigns. PlainGnome uses a two-stage deployment.

Mobile

Mobile Malware Surveillance Social Engineering

Russian national indicted for attempting to recruit Tesla employee to install malware

Security Affairs

SEPTEMBER 7, 2020

US authorities have indicted a Russian national for conspiring to recruit a Tesla employee to install malware onto the company’s infrastructure. Russian national Egor Igorevich Kriuchkov (27) has been indicted in the United States for conspiring to recruit a Tesla employee to install malware onto the company’s network.

Malware

Malware Advertising Surveillance Hacking

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. He declined to comment on the particulars of the extortion incident. ”

Hacking

Hacking Ransomware Banking Accountability

US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits

Security Affairs

JULY 19, 2023

government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. national security or foreign policy interests. Government warns of the key role that surveillance technology plays in surveillance activities that can lead to repression and other human rights abuses.

Surveillance

Surveillance Spyware Government Technology

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant. from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Architecture Software

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

FEBRUARY 11, 2021

Since 2018, the hackers started targeting mobile users with an Android surveillance malware ChatSpy. The two malware were used to spy on personnel linked to Pakistan’s military, nuclear authorities, and Indian election officials in Kashmir. The malware can download content from FTP shares and run arbitrary commands as root.

Spyware

Spyware Surveillance Malware Mobile

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were employed in a surveillance campaign on a large scale, millions of users potentially impacted. ” reads the analysis published by Awake Security. The domains were found hosting several browser-based surveillance tools and malware. as the new operating system.

Surveillance

Surveillance Internet Internet Advertising

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

Security Affairs

OCTOBER 30, 2019

WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists. WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. ” reads the lawsuit. ” continues the post.

Surveillance

Surveillance Technology Spyware Mobile

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Spyware

Spyware Surveillance Mobile Education

NSO Group spyware used to compromise iPhones of 9 US State Dept officials

Security Affairs

DECEMBER 3, 2021

The US officials targeted by the surveillance software were either based in Uganda or focused on matters concerning the African country, revealed Reuters which was not able to determine which was NSO client that orchestrated the attacks. federal court for illegally targeting its customers with the surveillance spyware Pegasus.

Spyware

Spyware Surveillance Hacking Software

Rampant Kitten ‘s arsenal includes Android malware that bypasses 2FA

Security Affairs

SEPTEMBER 18, 2020

Security researchers discovered Android malware capable of bypassing 2FA that was developed by an Iran-linked group dubbed Rampant Kitten. Security researchers from Check Point discovered an Android malware, developed by an Iran-linked group dubbed Rampant Kitten, that is able to bypass 2FA. Pierluigi Paganini.

Malware

Malware Phishing Accountability Advertising

Alleged Iranian threat actors leak the code of their CodeRAT malware

Security Affairs

SEPTEMBER 4, 2022

The author of the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub. The development team behind the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub after the. Experts believe that the malware is a surveillance software used by the Iranian government.

Malware

Malware Surveillance Government Hacking

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Trending Sources

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

US NCSC and DoS share best practices against surveillance tools

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Google updates policies to ban any ads for surveillance solutions and services

White hat hackers gained access more than 150,000 surveillance cameras

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Iranian govt uses BouldSpy Android malware for internal surveillance operations

German authorities raid the offices of the FinFisher surveillance firm

European firm DSIRF behind the attacks with Subzero surveillance malware

Is the Belarusian government behind the surveillance Android app banned by Google?

Poland probes Pegasus spyware abuse under the PiS government

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Israeli surveillance firm QuaDream emerges from the dark

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Operation Spalax, an ongoing malware campaign targeting Colombian entities

UAE government denies using ToTok for mass surveillance

Apple fixed the first actively exploited zero-day of 2025

EU officials were targeted with Israeli surveillance software

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations

APT28 targets key networks in Europe with HeadLace malware

Russian National pleads guilty to conspiracy to plant malware on Tesla systems

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

Russian national indicted for attempting to recruit Tesla employee to install malware

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Experts spotted two Android spyware used by Indian APT Confucius

Hundreds of malicious Chrome browser extensions used to spy on you!

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

NSO Group spyware used to compromise iPhones of 9 US State Dept officials

Rampant Kitten ‘s arsenal includes Android malware that bypasses 2FA

Alleged Iranian threat actors leak the code of their CodeRAT malware

Stay Connected