22 matches found

The Hacker News
added 2025/07/21 5:18 p.m., 15 views

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX...

AI score: 7.2, Exploits: 0

The Hacker News
added 2024/07/09 10:5 a.m., 15 views

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the...

AI score: 7.8, Exploits: 0

The Hacker News
added 2023/10/04 3:9 p.m., 46 views

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of gathering...

AI score: 6.7, Exploits: 0

The Hacker News
added 2023/01/13 4:39 p.m., 30 views

Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware

Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized...

AI score: 1.6, Exploits: 0

The Hacker News
added 2022/08/01 6:31 a.m., 49 views

Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals

A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan R...

AI score: 2, Exploits: 0

The Hacker News
added 2022/06/30 3:40 p.m., 36 views

Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups

Google's Threat Analysis Group (TAG) on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to...

AI score: 1.1, Exploits: 0

The Hacker News
added 2022/06/17 2:12 p.m., 39 views

Researchers Uncover 'Hermit' Android Spyware Used in Kazakhstan, Syria, and Italy

An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company...

AI score: 0.6, Exploits: 0

The Hacker News
added 2022/04/19 10:26 a.m., 63 views

Experts Uncover Spyware Attacks Against Catalan Politicians and Activists

A previously unknown zero-click exploit in Apple's iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a "multi-year clandestine operation." "Victims included Members of the European Parliament, Catalan Presidents, legislators,...

CVSS: 9.8, AI score: 0.8, EPSS: 0.47368, Exploits: 0

The Hacker News
added 2021/12/07 8:14 a.m., 21 views

Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers

Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia. The Redmond company attributed the...

AI score: 0.3, Exploits: 0

The Hacker News
added 2021/10/01 7:21 a.m., 33 views

Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware

In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard...

AI score: 1.5, Exploits: 0

The Hacker News
added 2021/09/29 9:6 a.m., 21 views

New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit

Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit that leverages a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis. Detected i...

AI score: 1, Exploits: 0

The Hacker News
added 2021/02/11 4:23 p.m., 40 views

Researchers Uncover Android Spying Campaign Targeting Pakistan Officials

Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover...

AI score: 0.9, Exploits: 0

ThreatPost
added 2021/02/11 12:0 p.m., 35 views

Military, Nuclear Entities Under Target By Novel Android Malware

Researchers have uncovered two novel Android surveillanceware families being used by an advanced persistent threat (APT) group to target military, nuclear and election entities in Pakistan and Kashmir. The two malware families, which researchers call “Hornbill” and “SunBird,” have sophisticated...

AI score: 1.1, Exploits: 0, References: 8

The Hacker News
added 2020/10/01 10:35 a.m., 0 views

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017,...

AI score: 5.8, Exploits: 0

The Hacker News
added 2020/10/01 10:35 a.m., 51 views

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017,...

AI score: 7, Exploits: 0

ThreatPost
added 2020/07/22 4:14 p.m., 41 views

Going Down the Spyware Rabbit Hole with SilkBean Mobile Malware

In this in-depth Threatpost podcast Christoph Hebeisen, who leads the Security Intelligence Research Division at Lookout, shares a behind-the-scenes look at how his team discovered and tracked three never-before-seen surveillanceware tools, dubbed SilkBean, GoldenEagle and CarbonSteal. Hebeisen...

AI score: 7.4, Exploits: 0, References: 10

ThreatPost
added 2020/07/10 7:33 p.m., 32 views

Google Bans Stalkerware Ads – With a Loophole

Google will soon prohibit ads on its platform that promote stalkerware products and services – but the tech giant’s ban comes with a catch that some security experts worry will render it ineffective. Starting August 2020, Google’s ads policy will be updated to ban advertisements for stalkerware,...

AI score: 0.1, Exploits: 0, References: 13

ThreatPost
added 2020/07/01 2:55 p.m., 98 views

New Android Spyware Tools Emerge in Widespread Surveillance Campaign

Researchers have uncovered a surveillance campaign, dating back to at least 2013, which has used a slew of Android surveillanceware tools to spy on the Uyghur ethnic minority group. The campaign uses three never-before-seen Android surveillanceware tools, dubbed SilkBean, GoldenEagle and...

AI score: 8.4, Exploits: 0, References: 11

ThreatPost
added 2020/04/23 1:48 p.m., 98 views

Fake Skype, Signal Apps Used to Spread Surveillanceware

Cybercriminals are increasingly peddling booby-trapped versions of popular apps such as Skype and Signal that contain surveillanceware. Apurva Kumar, security intelligence engineer at Lookout, said that one such surveillanceware family that’s been spotted using this tactic is Monokle, a...

AI score: 6.8, Exploits: 0, References: 5

ThreatPost
added 2019/07/24 5:48 p.m., 95 views

Unique Monokle Android Spyware Self-Signs Certificates

A never-before-publicized mobile spy tool, a mobile surveillanceware remote access trojan (RAT) for Android called Monokle, has been spotted using novel techniques to exfiltrate data. According to the Lookout researchers who discovered Monokle in the wild, the malware has the ability to self-sign...

AI score: 0.4, Exploits: 0, References: 5