As the festive season commences, so do online sales, and in turn, increased online shopping. The festive season is one of the busiest times in terms of online shopping. And scammers know this well. While you prepare to shop your hearts out this festive season, they are gearing up to scam innocent users. Keeping that in mind cybersecurity experts from Seqrite Labs have shared critical trends in digital frauds. When you shop online, make sure that you’re safe. Here are some scams that are pretty common around the festive season:

Fake shopping websites

As I mentioned previously, the festive season calls for a lot of shopping. Scammers have created many fake shopping websites that pretty much look like the real ones. The fake links are shared along with festive wishes on WhatsApp, mail, or SMS. Once the users go to these websites, they often end up getting scammed, the product never gets delivered, and often their personal data is misused too.

IRCTC application scam

People travel a lot during the festive season and now a fake IRCTC website has been identified that steals users’ data when comes to booking their tickets. The fake website is lined with spyware that steals credentials from Facebook and Google, extracts codes from Google Authenticator, tracks GPS locations, and can even use the device’s camera to capture videos.

Gift card scam

Scammers also send fake messages stating that a user has won a certain prize or gift card. Such messages often read, “Dear customer, congratulations! You have won….” They ask users to claim this by clicking on a link. The link directs them to malicious websites where users’ personal data is compromised.

Banking reward scams

Under this scam, fraudsters will lure you into downloading harmful APK files. Urgency messages such as “available only today” or “last day to avail” will be added to create a sense of urgency. With these links, they will promise some exciting prices or will say that your account has been blocked due to a KYC error or something and hence you should do the required work urgently. And once you click on these links you might lose out on your money, your personal data can be misused, etc. Read More: https://www.digit.in/news/general/alert-dont-fall-for-these-4-online-shopping-scams-that-could-ruin-your-festive-season.html Source Credit: https://www.digit.in/

Network Indiana

STATEWIDE — Indiana State Police are warning the public to be aware of an email extortion scam that’s surfaced in Indiana. Cybercrime detectives say this one has been happening repetitively for the last couple of months. “It shows up as an email. The scammer has done homework on the target. They have a lot of personal information that they will use to confirm what that person knows is real,” said Indiana State Police Sergeant John Perrine in Indianapolis. The scammer will tell the person that they have installed Pegasus spyware on the target’s phone and then attempt to extort money from them. “Pegasus spyware is a very specific software that has not been found to be used in the private market yet. So if anyone says they have this on a private citizen, then that’s just a red flag that’s simply not true,” said Perrine. On a bigger level, Perrine says you need to be mindful that scammers are becoming more sophisticated in their nefarious ways. “They prey on information that people are sensitive about and then they use that information to prey on them. So if something doesn’t seem right to you, it probably isn’t right,” said Perrine. Read More: https://www.newsnowwarsaw.com/email-scam-in-indiana-relies-on-pegasus-spyware/ Source Credit: www.newsnowwarsaw.com

Anyone with an Android phone in their pocket would be wise to follow three rules to avoid worrying new risk. Don't download another app onto your Android phone until you know about the latest risks. Millions of users have already been infected with a vicious bug called Necro and there's some simple advice to help stop you from becoming its next victim. This nasty trojan - which was first discovered by the security team at Kaspersky back in 2019 - is fully capable of stealing personal data. However, once installed it can also set about signing unsuspecting Android owners up for expensive subscriptions without their permission. So how does it make its way onto devices and how can you stop it? The easiest way for hackers to install Necro is via so-called 'mods'. These modified apps promise to offer additional features than those found on official applications such as WhatsApp and Spotify. This enticing-sounding software isn't available via the Google Play Store with users side-loading things instead. Even if you never add apps from unofficial sources you still need to be on high alert.

It appears that a few apps on Google's Play Store have also been infected with Necro making this ab even more worrying threat.

According to Kaspersky, one application called Wuta Camera was downloaded over 10 million times from Google Play before Necro was discovered and removed from the photo editing service. Now, in a bid to stop more users from becoming a victim of Necro, Kaspersky has issued some vital advice which you are wise not to ignore. • Kaspersky strongly advises against downloading apps from unofficial sources because the risk of device infection is extremely high. Secondly, apps on Google Play and other official platforms should also be treated with a healthy dose of skepticism. Even a popular app like Wuta Camera, with 10 million downloads, proved powerless in the face of Necro. Make sure to protect your devices so as not to be caught off guard by a Trojan. • Check the app page in the store before downloading. Kaspersky says it recommends looking at reviews with low ratings, as these generally give heads-up about potential pitfalls. Rave reviews could be fake, while a high overall score is easy to inflate. • Don’t look for mods or hacked versions. Such apps are almost always stuffed with all kinds of Trojans: from the most harmless to mobile spyware like CanesSpy. Read More: https://www.mirror.co.uk/tech/android-warning-necro-attack-app-33755973 Source Credit: https://www.mirror.co.uk/

Under Prime Minister Robert Fico, the Slovak government reportedly recently acquired spyware similar to Pegasus, capable of infiltrating mobile phones and gaining full access. Once inside a phone, the spyware can extract data from its microphone, camera, and screen. It can even download app content, including from encrypted platforms like Signal. This sophisticated tool can infect the phone remotely, requires no user interaction, making it nearly impossible to prevent infiltration. Human rights organizations such as Article19 expressed grave concern over this development, and in particular over the fact that Slovakia’s spyware acquisition came as the Fico government worsened democratic and human rights conditions in Slovakia. Article19 also highlighted “the historical context of Pegasus’s use” in surveilling “journalists, human rights activists, and political dissenters” in European and other countries. The original report on Slovakia’s spyware acquisition came from Denník N, which cited opposition MP and security and defense expert Juraj Krúpa (Freedom and Solidarity party; SaS) as one of their sources. Denník N also claimed to have confirmed the Fico government’s spyware purchase from four additional sources close to the Slovak security community. When asked by VSquare, Krúpa himself confirmed receiving consistent information on the surveillance tool acquisition from three independent sources (it is unclear if Denník N and Krúpa’s sources overlap). These sources told the opposition MP that the Slovak Information Service (SIS) has been trying to get their hands on the “latest version” of spyware similar to Pegasus for a long time. After negotiations, the spyware supposedly went through a testing period over the summer before it was finally deployed in September. “I’m aware that some opposition politicians and journalists are being targeted [with surveillance], and they are attempting to dig up compromising information on them,” Krúpa told VSquare. Meanwhile, the Slovak government denies these reports. However, it is worth recalling that, after Hungary’s and Poland’s abuse of Pegasus came to light, their governments denied using it, too. How is such spyware operating in Slovakia? The most famous spyware of recent years, Pegasus, is manufactured and sold by NSO Group, an Israeli company. The private firm was established by former Israeli intelligence officers. Access to the software has been political, too: the spyware’s export licenses are approved by the Israeli Ministry of Defense. The name of the spyware being used in Slovakia is not yet known, nor is the company behind it. However, Krúpa’s sources identified it as an Israeli firm. Besides Pegasus and NSO Group, there is another Israeli spyware company – Predator, developed by Cytrox/Intellexa – that was identified as being connected to the surveillance of journalists and opposition politicians in Europe in recent years. The possession of such spyware by EU countries’ governments seems to be widespread. The European Parliament Committee of Inquiry, meant to investigate the use of Pegasus and equivalent surveillance spyware (PEGA Committee), concluded in 2023 that the majority of EU member states have purchased some kind of spyware. However, these tools are frequently misused and applied to the surveillance of journalists, political opposition figures and activists, which is why civil society has been critical of spyware purchases. According to Krúpa, Slovakia’s SIS does not own the system that operates the recently purchased spyware. Instead, they are paying per each device that is surveilled. Generally, spyware technologies work on a similar subscription or service basis, whereby a select number of targets are under surveillance for a specific period, for which the tool is then operated by the spyware company. Krúpa also told VSquare that the acquisition of this tool did not require approval from the Slovak parliament or its special oversight committee, which exists to monitor SIS and remain abreast of national security matters. Previous leaks had already revealed that Slovakia has certain spyware. For example, documents published on WikiLeaks in 2014 showed that Slovakia purchased the FinFisher spyware, developed by Gamma Group. This was followed by a leak of communication between Slovak intelligence and the Italian Hacking Team company over the possible purchase of the company’s Galileo software. Neither of these purchases were officially confirmed. In 2021, Slovak military intelligence stated that they did not use this system, but SIS, refused to comment. Krúpa further discussed the SIS’s alleged ability to surveil devices without a court order because of a lack of oversight mechanisms, especially with a new spyware. According to his information, within the Slovak national security apparatus, only SIS has access to the spyware. According to the law, there are, in theory, five organizations that have the right to carry out surveillance in general: the police force, the Slovak Information Service, military intelligence, the Corps of Prison and Judicial Guards, and the customs administration. However, in the current Slovak Penal Code, the use of surveillance is approved under specific conditions, and surveillance without a court order is only allowed in critical situations. Even in this case, the court needs to be contacted within one hour after beginning surveillance. Fico’s government denies everything As was the case following previous leaks over Slovakia’s acquisition of spyware, SIS refused to comment on recent reports, arguing that the confidentiality of all their operations does not allow them to share any information publicly. They added that, if the potential spyware is used for the intended purpose of uncovering illegal activities, sharing any details could hinder investigations. Both Minister of Interior Matúš Šutaj Eštok (Hlas) and Minister of Defense Robert Kaliňák (Smer-SD) denied the purchase of the reported spyware. They claimed such a purchase would have been impossible because Slovak law prohibits such technology. “No Pegasus. On the contrary, in the case of this ‘worm,’ we have to approve legislation that will prevent it, because it would really be an invasion of privacy if such a system existed [in Slovakia],” Prime Minister Robert Fico stated at a press conference after a party meeting. However, Fico’s carefully chosen words about future legislation banning Pegasus led to speculation that his government obtained not Pegasus, but some other spyware. Matúš Harkabus, a former prosecutor at the Special Prosecutor’s Office, which no longer exists as it was shut down by Fico’s government earlier this year, explained in a Facebook post that the use of similar spyware is entirely possible under current Slovak laws. For now, many questions remain unanswered, including regarding the direction of new legislation in Slovakia on the functioning of potential surveillance methods – or the complete ban of Pegasus, as suggested by government members. There is one body that could provide answers to these questions, at least in theory: the Slovak parliament’s special committee overseeing SIS activities. However, this committee had an eventful summer, which culminated in the removal of its opposition chair, Mária Kolíková, on June 27. Without a chair, the committee cannot hold meetings, thus making the committee non-functioning. On September 17, 2024, a new chairman was appointed from within the ruling coalition, Samuel Migaľ (Smer-SD). This development was announced at a press conference, where Migaľ appeared alongside SIS director Pavol Gašpar and his father, Tibor Gašpar. The older Gašpar is currently the new vice-speaker of the parliament. In the previous Fico government, he was Slovakia’s police chief, a role he conducted in such a way that he is now facing multiple investigations and charges, including for alleged bribery and organized crime. Initially, Fico wanted the elder Gašpar to lead SIS, but he eventually settled for his son. While coalition and opposition parties agree that the oversight committee’s chair needs to be an MP from the opposition, the ruling majority refused to approve Kolíková for another term, claiming that she “harmed the reputation” of SIS. During her tenure, Kolíková started scrutinizing how regulation around SIS had been changed, suspecting that these changes had been made to help the untransparent appointment of a new director avoid scrutiny. Following Poland and Hungary’s example While opposition MP Juraj Krúpa lacked precise information on the cost of the spyware, he estimated that the price could amount to millions of euros. Since the Fico government recently purchased a BARAK MX Israeli air defense system for €554 million, there is now speculation that it might have come as part of a package deal along with Israeli spyware. Krúpa could not tell VSquare whether the purchase of Israeli spyware happened directly or through an intermediary, as was the case in Hungary. Hungary was the first EU country hit by the Pegasus spyware scandal. In 2021, an international investigation dubbed the “Pegasus Project” found more than 300 Hungarian telephone numbers in a leaked database of more than 50,000 numbers, all of which had allegedly been targeted by NSO Group’s international customers using Pegasus. Among the Hungarian numbers were those of journalists working for independent outlets (including journalists from Direkt36, VSquare’s Hungarian partner center), lawyers, politicians and businessmen who owned media critical of Viktor Orbán’s government. Hungary’s government initially refused to acknowledge the purchase of the spyware, or to cooperate with the European Parliament inquiry committee investigating spyware abuses. Later, Direkt36 also found the intermediary company that purchased the Pegasus spyware for Hungarian intelligence for around €6 million. In Poland, the story was almost the same. Polish journalist Michał Kokot, an author of a book about the Pegasus surveillance scandal in Poland, told VSquare that, in December 2021, the reaction from the Law and Justice (PiS) government was very similar to that of Kaliňák, Šutaj Eštok and Fico – that is, they simply denied having obtained the Pegasus spyware. “They did it for weeks until [PiS leader Jaroslaw] Kaczyński in early 2022 confirmed that such a system exists,” said Kokot. But even then, ruling party politicians claimed that the operation of the  Pegasus system in Poland served only criminal, and not political, purposes. It was only when the case of Krzysztof Brejza came to light that it became clear how untrue that claim was. Brejza was the manager of the opposition’s campaign in 2019, when PiS surveilled him, his father and his assistant under a criminal pretext,” Kokot added. It was only after the Polish parliamentary elections in 2023, when PiS was defeated by the Donald Tusk-led coalition of democratic parties, that it was possible to start a proper investigation, which is still underway. “They [the Tusk government] face massive problems with getting access to the information from the services, officially due to security reasons. Part of their findings, the most interesting ones, will be classified and not open to the public,” Kokot said. He doesn’t believe that the Polish public will receive answers in the foreseeable future on whether the system was bought for political or professional reasons. “One thing is sure: the misuse of Pegasus led to a ban from the Israeli producer NSO. The Polish services lost a great tool, which made it possible for them to obtain encrypted messages and calls remotely from devices of the suspects. They and the prosecutors miss it a lot,” the journalist said. Kokot referred to reports following the Pegasus surveillance scandals in Poland and Hungary. These reports claimed that NSO Group terminated the contracts with two unnamed clients from within the European Union, which was widely believed – but never officially confirmed – to be these two countries. Meanwhile, European NGOs want to prohibit the use of Pegasus and similar spyware everywhere in the EU. The regulation or ban of spyware on EU level has been a discussion point since 2021 and revelations around the Pegasus Project, which made clear the wide scale abuse of this technology on the continent. But as a reaction to subsequent findings of the European Parliament’s PEGA Committee and criticism of the insufficient powers and unenforceable nature of the European Media Freedom Act (EMFA), a coalition of civil society organizations is asking EU institutions for more substantial changes. Among the requests are a new EU legal framework, and until that is in place, a moratorium on spyware purchases, spyware development, and checks on compliance of member states. Read More: https://vsquare.org/slovakia-robert-fico-pegasus-spying-human-rights/ Source Credit: https://vsquare.org/

A new version of the Octo Android malware, named "Octo2," has been seen spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise. The new variant, analyzed by ThreatFabric, features better operational stability, more advanced anti-analysis and anti-detection mechanisms, and a domain generation algorithm (DGA) system for resilient command and control (C2) communications. Ultimately, its appearance in the wild confirms that the project is alive and evolving despite the turbulence it went through recently. Brief history and evolution Octo is an Android banking trojan that evolved from ExoCompact (2019-2021), which itself was based on the ExoBot trojan that launched in 2016 and had its source code leaked online in the summer of 2018. ThreatFabric discovered the first version of Octo in April 2022 on fake cleaner apps in Google Play. TF's report at the time highlighted the malware's on-device fraud capabilities that allowed its operators extensive access to the victim's data. Among other things, Octo v1 supported keylogging, on-device navigation, SMS and push notification interception, device screen locking, sound muting, arbitrary app launches, and using infected devices for SMS distribution. ThreatFabric says the Octo was leaked this year, causing multiple forks of the malware to appear in the wild, presumably creating a dent in the sales for the original creator, 'Architect.' Following these events, Architect announced Octo2, likely as an attempt to throw an upgraded version into the malware market and spark cybercriminals' interest. The malware's creator even announced a special discount for customers of Octo v1. Octo2 operations in Europe Campaigns currently deploying Octo2 focus on Italy, Poland, Moldova, and Hungary. However, as the Octo Malware-as-a-Service (MaaS) platform has previously facilitated attacks worldwide, including in the U.S., Canada, Australia, and the Middle East, we will likely see Octo2 campaigns appear in other regions soon. In European operations, the threat actors use fake NordVPN and Google Chrome apps, as well as a Europe Enterprise app, which is likely a lure used in targeted attacks. Octo2 uses the Zombider service to add the malicious payload into these APKs while bypassing Android 13 (and later) security restrictions. More stable, more evasive, more capable Octo2 is more of a rolling upgrade to the first version, improving the malware incrementally rather than implementing ground-breaking changes or rewriting code from scratch. First, the malware author introduced a new low-quality setting on the remote access tool (RAT) module called "SHIT_QUALITY" that reduces data transmissions to a minimum, allowing more reliable connectivity when internet connection speeds are subpar. Octo2 also decrypts its payload using native code and complicates analysis by dynamically loading additional libraries during execution, further improving its already strong evasion capabilities. Finally, Octo2 introduces a DGA-based C2 domain system that allows the operators to quickly update and switch to new C2 servers, rendering blocklists ineffective and improving resilience against server takedown attempts.

ThreatFabric also notes that Octo2 now receives a list of apps to intercept and block push notifications from, allowing the operators to refine their targeting scope.

Octo2 has not been spotted on Google Play, so its distribution is currently believed to be limited to third-party app stores, which Android users should avoid. Read More: https://www.bleepingcomputer.com/news/security/new-octo-android-malware-version-impersonates-nordvpn-google-chrome/ Source Credit: https://www.bleepingcomputer.com/

Four men living in the UK, believed to have been targeted by Middle Eastern states, file criminal complaint against Israeli spyware firm and linked companies Four UK-based activists and civil society leaders, believed to have been targeted with Pegasus spyware by one of three Middle Eastern states, have asked the Metropolitan Police to investigate their hacking. In a criminal complaint filed this week, they accuse three companies of violating UK laws by enabling the men to be hacked through their decision to supply the spyware to states notorious for their human rights abuses. The companies named in the 98-page complaint seen by Middle East Eye are NSO Group, the Israel-based developer of Pegasus; its parent company, Luxembourg-based Q Cyber Technologies; and Novalpina Capital, a London-based private equity firm which bought NSO in 2019. Investigators believe the phones of the four men were targeted by Saudi Arabia, the United Arab Emirates and Bahrain with Pegasus on UK soil between 2018 and 2020. Their cases are among several attacks alleged to have involved Pegasus on UK soil in recent years, including the targeting of the prime minister's office, the Foreign, Commonwealth and Development Office, and a member of the House of Lords, Baroness Fiona Shackleton, when she was acting as the legal representative of Princess Haya of Dubai. The UK government has not taken legal action against those responsible. Leanna Burnard, a lawyer at the UK-based Global Legal Action Network which prepared the complaint, said this is an opportunity "for victims of these egregious human rights violations to finally get justice". "Pegasus software has been used by malign actors overseas to undermine the UK's sovereignty and threaten its democratic values. It is in the national interest that those responsible be held to account to demonstrate that attacks on human rights defenders on British soil will not be tolerated." NSO Group did not respond to MEE's request for comment but Gil Lanier, vice president for global communications at NSO, told The Intercept: "Due to regulatory constraints, we cannot confirm or deny any alleged specific customers. “NSO complies with all laws and regulations and sells its technologies exclusively to vetted intelligence and law enforcement agencies," he said. "Our customers use these technologies daily, as Pegasus continues to play a crucial role in thwarting terrorist activities, breaking up criminal rings, and saving thousands of lives.” Representatives for Novalpina Capital, which was liquidated in 2021 when it was removed as manager of its own fund, could not be reached. 'Sleepless nights' One of the victims, Yusuf al-Jamri, a Bahraini activist who was tortured by the Bahraini government, said he was devastated when he realised his phone had been hacked in the UK where he had sought asylum. "I spent countless sleepless nights fearing the potential harm to those who had entrusted me with their sensitive information," he said. Jamri called on the police to hold those responsible to account. "Cyber-attacks on personal privacy must be treated with the same seriousness as hacking a bank - criminals must be held accountable. No one should be above the law," he said. The three other victims party to the complaint are Anas Altikriti, the founder and CEO of the UK-based Cordoba Foundation; Azzam Tamimi, a British-Palestinian academic and activist; and Mohammed Kozbar, chairman of the Finsbury Park mosque in London. Altikriti, who works as a hostage negotiator, was in the middle of a negotiation for the release of a young woman when his phones were hacked. To this day, he doesn't know what happened to the woman. "Should this go unprosecuted, we can bid farewell to public and personal freedoms, civil liberties and to human rights, especially, but not exclusively, in countries that are ruled by autocratic and authoritarian regimes," he said. All four men have also sought justice through civil claims in UK courts, but none of those cases have been resolved or received judgements. Monika Sobiecki, a partner at London-based Bindmans law firm, which has represented the men in the legal challenges, said the complaint could be "a pivotal moment". "Although filed in the UK, we hope the criminal complaint will send shockwaves through the spyware industry globally, to demonstrate that no technology company is above the law," she said. Read More: https://www.middleeasteye.net/news/pegasus-uk-based-spyware-victims-file-criminal-complaint-met-police Source Credit: www.middleeasteye.net

So far, no one has been able to hold the notorious Israeli spyware firm accountable for complicity in human rights abuses. Anas Altikriti was in London, and busy, on the day in July 2020 when his phone was hacked. He frequently works as a hostage negotiator and, at the time, he was negotiating a deal to free a hostage being held on the Libya–Chad border. Altikriti also had a meeting with former Labour Party leader Jeremy Corbyn. But his schedule did not include having his phone infiltrated by Pegasus, the phone hacking software made by Israel’s NSO Group. Four years later, Altikriti, an Iraqi-born British citizen and vocal critic of the United Arab Emirates, is filing a report to the Metropolitan Police in London accusing the Israeli spyware firm NSO Group of complicity in the targeted hacking of his phone. On Wednesday, he filed the complaint about NSO and its associates alongside three fellow U.K.-based human rights defenders whose phones were also hacked. “This case has some real legs,” said Leanna Burnard, a lawyer at the nonprofit Global Legal Action Network, who prepared the complaint. “The U.K. shouldn’t stand for the hacking of human rights defenders on its own soil.” Assembled with the help of advocates from GLAN on behalf of the victims, the extensively footnoted filing sent to the Metropolitan Police, which was obtained by The Intercept, puts the ball in the police’s court. The police now have discretion over whether to open an investigation and subsequently bring charges. “Due to regulatory constraints, we cannot confirm or deny any alleged specific customers,” Gil Lanier, vice president for global communications at NSO, told The Intercept. “NSO complies with all laws and regulations and sells its technologies exclusively to vetted intelligence and law enforcement agencies. Our customers use these technologies daily, as Pegasus continues to play a crucial role in thwarting terrorist activities, breaking up criminal rings, and saving thousands of lives.” The Metropolitan Police declined to comment. The U.S. blacklisted NSO in 2021 after its software was accused of enabling human rights abuses by the company’s authoritarian government clients. Amnesty International has said NSO was complicit in many of these phone hackings. The cyber spying firm, however, has never been sanctioned in the U.K., despite calls from members of Parliament. The failure to act was particularly jarring because the government itself had been a target of the software. In 2022, cybersecurity researchers at Citizen Lab said that the U.K. prime minister’s office and the Foreign Office likely had been victims of multiple Pegasus attacks, with the UAE as the main suspect. While prosecutors around the world have investigated criminal claims against NSO in countries, including Spain, Hungary, and Poland, so far there have been no formal charges. The complaint against NSO to London police has been two years in the making, since lawyers began investigating the hackings victims on British soil. Lawyers on the case said they hoped the police report could lead to a landmark moment for human rights defenders who have been targeted. Altikriti, alongside the other complainants, certainly hopes so. “This has to be exposed,” he said. “We are now talking about a potential world where literally no one can ever claim to enjoy anything called privacy.”

Hacked on British Soil

Alongside Altikriti, the hacking victims include include Azzam Tamimi, a Palestinian-born British journalist and academic, a prominent critic of the Saudi regime; Mohammed Kozbar, a Lebanese-born British citizen and the leader of the Finsbury Park mosque; and Yusuf Al Jamri, a Bahraini human rights activist who was granted asylum in the U.K. All were hacked between 2018 and 2021 on British soil. Their complaint to the police is being made against NSO Group and its board members; the firm’s parent company Luxembourg-based Q Cyber Technologies; London-based private equity firm Novalpina, which bought NSO in 2019. The human rights activists are alleging the people involved with NSO breached the U.K.’s Computer Misuse Act by enabling state actors to hack their phones using Pegasus. (Novalpina did not respond to a request for comment.) The hackers in question are believed to be the Kingdom of Saudi Arabia, the UAE, and the Kingdom of Bahrain. The U.K. recently became more significant to NSO’s operations. In 2023, the management of five NSO-linked companies was moved to London and two U.K.-based officers were appointed. Meanwhile, NSO continues to face a slew of civil cases in the U.S., with the company moving for dismissal in lawsuits by hacked Salvadoran journalists and Hanan Elatr Khashoggi, the widow of murdered journalist Jamal Khashoggi. Last week, Apple asked a court in San Francisco to dismiss its three-year hacking suit against NSO, after Israeli officials took files from NSO’s headquarters — an apparent attempt to frustrate lawsuits in the U.S. Apple argued it may now never be able to get the most critical files about Pegasus and that the revelation of its own defensive systems in court might aid other spyware companies. “NSO is very vigorously defending these lawsuits,” said Stephanie Krent, attorney at the Knight First Amendment Institute. “It is trying to draw litigation out and really avoid being held to account.”

“Absolute Non-reaction”

In July 2021, Altikriti was notified by The Guardian as part of its Pegasus Project that his number was on a leaked list of those suspected to be hacked. According to The Guardian, Altikriti’s phone number was on a list of people of interest to the UAE given to NSO. Altikriti was concerned but not surprised. For many years, he had been vocally critical of the UAE, where he previously lived. The UAE designated his organization, the Cordoba Foundation — which works to promote dialogue and rapprochement between Islam and the West — as a terrorist group in 2014. In response, the organization issued a statement calling the country a “despotic regime seeking to silence any form of dissent.” He made similar declarations about the UAE over the following years. Around the time Altikriti was hacked in July 2020, he had been working on several hostage release deals, mainly in the Middle East. He alleges that phone hacking interfered with his communications related to one deal. After he was notified of the potential hack, Altikriti’s phone was tested by Amnesty International and Citizen Lab at the University of Toronto, which studies cyber issues affecting human rights. The hack was confirmed. Altikriti quickly went public about the cyberattack, posting a statement calling on the U.K. government to stand against the use of such spyware. Altikriti has since become increasingly frustrated by the lack of action. “You think that the U.K. Government, having seen a number of its own citizens and those on its lands being violated in the way that we have evidence now, would do something,” Altrikiti told The Intercept. “But so far we have seen an absolute non-reaction.” In 2022, Altikriti and Kozbar, one of the other human rights activists behind the complaint to police, sent a pre-claim notice to NSO, the UAE, and Saudi Arabia, of their intention to file a civil suit over the alleged Pegasus phone hacking. In formal response letter obtained by The Intercept, NSO said there was “no basis for the claims.” The company said that since Q Cyber Technologies Ltd and NSO Group Technologies Ltd are each lsraeli companies and neither was present in England and Wales, English courts had no jurisdiction over them. They also argued that the claims were barred by state immunity because, if the alleged attacks happened, they were conducted on behalf of foreign governments who are immune from prosecution. In Wednesday’s complaint to police, other claimants have stories similar to Altikriti. Al Jamri was active on social media promoting awareness of human rights abuses and political issues in Bahrain. In 2011, he was politically active during the Arab Spring. In its wake, he was regularly subjected to interrogation and harassment by authorities. He was detained for the third time in August 2017 and subjected to torture. Upon his release, he sought asylum in the U.K. Two years later, Al Jamri was targeted with Pegasus by servers traced to Bahrain, according to Citizen Lab. This happened around the same time he was posting about an incident at the British Embassy of Bahrain, when a dissident was allegedly assaulted by staff. In August 2019, like Altikriti, Al Jamri was notified by The Guardian, and his phone was subsequently tested and confirmed to have infections. He also went public about the hack.

U.S. Lawsuits 

Despite Apple’s attempt to withdraw its case, NSO still faces a slew of lawsuits in the U.S. In October 2019, WhatsApp filed a lawsuit against the Israeli company for using its platform to hack the phones of 1,400 of the chat app’s users. NSO has repeatedly tried to get the case thrown out, including by claiming sovereign immunity — that it acted as an agent of foreign governments — though that effort was rejected in January. In November 2021, the same month NSO was blacklisted by the U.S. government for its role enabling human rights abuses, Apple also filed its case against NSO to hold it accountable for the surveillance and targeting of its users. On September 13, the company moved to dismiss its case, saying that Israeli officials’ seizure of NSO documents “were part of an unusual legal maneuver created by Israel to block the disclosure of information about Pegasus.” NSO is known to have a close relationship with the Israeli government, which it claims to have been working with during Israel’s war on Gaza. In November, in an attempt to rehabilitate its image, NSO sent an urgent letter to request a meeting with Secretary of State Antony Blinken and officials at the U.S. State Department, citing the threat of Hamas. In 2022, the Knight Institute filed its lawsuit on behalf of current and former journalists of El Faro, one of Central America’s leading independent news organizations, based in El Salvador. It was the first case filed by journalists against NSO in U.S. court. A judge dismissed the case in March, but it is currently on appeal. “We felt it was important that victims have access to courts in order to hold NSO Group to account,” said Krent, the Knight attorney. “At the end of the day, they are facing the most serious threats from the use of this spyware.” Read More: https://theintercept.com/2024/09/19/pegasus-spyware-nso-group-uk/ Source Credit: https://theintercept.com/

The US has imposed new sanctions related to the Intellexa Consortium, a web of companies that makes “Predator” spyware products that Biden administration officials say have been used to target American officials and enable human rights abuses.

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure.

Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group, citing the risk of “threat intelligence” information exposure. Apple wants to dismiss its lawsuit against NSO Group due to three key developments. First, continuing the lawsuit could compromise advanced threat intelligence gathered by Apple by exposing sensitive information to third parties. Second, the spyware industry has diversified, making a lawsuit against NSO less impactful, as other spyware companies continue their operations. Third, obstacles in obtaining critical information from NSO undermine the effectiveness of the legal action. Apple pointed out that it prefers to focus its efforts on developing technical measures to protect users from spyware like Pegasus. The IT giant fears that the disclosures of its threat intelligence related to commercial spyware operations could aid NSO and other surveillance firms. “Apple’s teams work tirelessly to protect the critical threat-intelligence information that Apple uses to protect its users worldwide. Because of these efforts, along with the efforts of others in the industry and national governments to combat the rise of commercial spyware, Defendants have been substantially weakened.” reads the court filing. “At the same time, unfortunately, other malicious actors have arisen in the commercial spyware industry. It is because of this combination of factors that Apple now seeks voluntary dismissal of this case.” reads The court filing referenced an article published by The Guardian article reporting that Israeli officials seized files from NSO Group’s headquarters. “The Israeli government took extraordinary measures to frustrate a high-stakes US lawsuit that threatened to reveal closely guarded secrets about one of the world’s most notorious hacking tools, leaked files suggest.” reads the article published by the Guardian mentioned in the court filing. “Israeli officials seized documents about Pegasus spyware from its manufacturer, NSO Group, in an effort to prevent the company from being able to comply with demands made by WhatsApp in a US court to hand over information about the invasive technology.” The officials requested an Israeli court to keep this action secret, even from parties involved in Meta’s ongoing WhatsApp hacking lawsuit against NSO. The hacked Israeli ministry of justice communications revealed concerns that sensitive information could be accessed by Americans. “while Apple takes no position on the truth or falsity of the Guardian Story described above, its existence presents cause for concern about the potential for Apple to obtain the discovery it needs.” continues the court filing. In November 2021, Apple sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court for illegally targeting its customers with the surveillance spyware Pegasus. According to the lawsuit, NSO Group is accountable for hacking into Apple’s iOS-based devices using zero-click exploits. The software developed by the surveillance firm was used to spy on activists, journalists, researchers, and government officials. Apple also announced it would support with a contribution of $10 million to the academic research in unmasking the illegal surveillance activities “Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.” reads the announcement published by Apple. The legal action aims at permanently preventing the infamous company from breaking into any Apple software, services, or devices. The complaint included details about the NSO Group’s FORCEDENTRY exploit that was used to target multiple users and drop the latest version of NSO Group’s Pegasus. Threat actors leveraged two zero-click iMessage exploits to infect the iPhones with spyware, respectively known as 2020 KISMET exploit and FORCEDENTRY. The latter exploit was discovered by Citizen Lab researchers, it is able to bypass the “BlastDoor” sandbox introduced early this year in iOS to block iMessage zero-click exp Read More: https://securityaffairs.com/168450/laws-and-regulations/apple-drops-lawsuit-against-nso-group.html Source Credit: https://securityaffairs.com/

Pegasus, the spyware, is classified as a weapon by the Israeli Government. The NSO Group which develops and sells the spyware maintains that it sells them only to Government agencies

Infosec in brief  After activating its chameleon field and going to ground following press attention earlier this year, the dangerous Predator commercial spyware kit is back – with upgrades.…

Insikt Group, the threat research arm of cyber security firm Recorded Future, reported last week that new Predator infrastructure has popped up in countries like the Democratic Republic of the Congo and Angola, suggesting US sanctions applied to Intellexa, the spyware firm behind Predator, did not completely succeed.

"After Intellexa … faced sanctions and exposure, a noticeable reduction in Predator activity was observed," Insikt Group wrote in its report on Predator. "However, according to [our] recent analysis, Predator is far from disappearing."

Predator, like Pegasus from the NSO group and other commercial spyware, allows government actors to infiltrate devices and spy on users. The product is known for its ability to track locations, access device cameras, record calls, read messages and do other privacy-invading things.

The latest updates, unfortunately, mean Predator will be a lot harder to track.

According to Insikt, the Predator update it has spotted further anonymizes customer operations and makes it harder to locate users.

"This change makes it more difficult for researchers and cybersecurity defenders to track the spread of Predator," the researchers noted.

"Defenders can mitigate risks by following cyber security best practices, including regular device updates, using lockdown mode, and deploying mobile device management systems," Insikt recommends. "Given Predator's renewed presence and the sophistication of its infrastructure, individuals and organizations must stay vigilant."

Act now, and you might even protect yourself against Russian cyber spies using similar tactics, too.

X accounts belonging to two of former US president Donald Trump's family members were hijacked last week to push links to a scam version of Trump's forthcoming decentralized finance venture, in a pair of now-deleted Xeets.

Republican National Committee co-chair Lara Trump, and Donald Trump's daughter Tiffany, both posted about the launch of Trump's World Liberty Financial – a crypto platform the ex-president and current Republican nominee announced in late August as "the DeFiant Ones," but apparently already renamed.

The platform hasn't launched yet, and the spoof links went to a mystery website promising to be the only official source on the project.

World Liberty Financial – promoted by Trump as a way for everyday Americans to avoid being "squeezed by big banks and financial elites" – has raised concerns. Seventy percent of the tokens being minted when World Liberty is launched are supposed to go to project insiders – an amount crypto publication Coindesk noted is "unusually high."

A relatively new and nasty ransomware variant known as "Lost in the Fog" that targeted education and recreation institutions appears to have started targeting financial institutions.

According to security operations-as-a-service firm Adlumin, it spotted someone using Fog last month trying to break into a "mid-sized financial business using compromised VPN credentials." That type of attack is standard operating procedure for Fog.

Once inside a network, Fog uses advanced techniques like pass-the-hash attacks to escalate privileges, cripple network security, steal data and encrypt it with a ransom note. Fog hasn't been attributed to any known threat actor yet, which Adlumin said suggests it may come from a new, but "highly skilled" threat actor that appears to be based in Russia.

Standard ransomware prevention techniques apply here, folks – just be advised if you're in the financial sector that there's a hot new variant out there gunning for your systems, especially weak VPNs.

Security researchers monitoring open source packages have spotted nasty folk waiting for a package to be deleted and re-creating the repository with a malicious version.

Dubbed "revival hijack" by researchers at JFrog, the tactic involves abusing the Python Package Index's (PyPI) package registration system.

"This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they're removed from PyPI's index by the original owner," the JFroggers wrote.

The DevOps and security firm estimates there are around 22,000 packages in PyPI vulnerable to a revive hijack attack, and the researchers noted they've already spotted the technique being used in the wild to infect the pingdomv3 package.

The result of a successful revive hijack could be disastrous – especially because it can be used to trick systems into thinking the malicious package is simply an updated version of the old, now deleted, official one.

"On average, 309 [PyPI] packages are removed each month," JFrog noted.

So start checking the age of repositories and the name of the maintainer before updating those packages, folks

A trio of computer science students, and their lecturer, have been charged with unauthorized access to computer data after discovering and presenting evidence of a security flaw.

Michael Debono, Giorgio Grigolo and Luke Bjorn Scerri were reportedly arrested in 2022 and recently charged, along with their lecturer Mark Joseph Vella, for unauthorized access, preventing or obstructing the input of data without authorization and obstructing or preventing the use of a computer system for vulnerability testing in FreeHour, a scheduling app for students.

After reporting the vulnerability to FreeHour and requesting a bounty, the trio were reportedly arrested instead. They are scheduled to head to trial next year on the matter.

While the United States and many other countries have some form of concession in place to not prosecute good-faith security researchers, Malta appears to have no such law. ®

Read More: https://www.msn.com/en-us/news/technology/predator-spyware-updated-with-dangerous-new-features-also-now-harder-to-track/ar-AA1qdU7m

Source Credit: https://www.msn.com/en-us/news

AI-Driven Threat Detections Indicate Attackers Target Mobile Devices to Compromise Enterprise Credentials; Malicious Links to Mobile Devices Increasing 70% Year Over Year BOSTON, September 10, 2024--(BUSINESS WIRE)--Lookout, Inc., the data-centric cloud security company, today released the Lookout Mobile Threat Landscape Report for Q2 2024. The report highlights insights behind a 70% YOY increase in mobile phishing and malicious web content, dissects a new mobile surveillanceware family and notes a significant increase in attacks that enable root access to iOS devices. Lookout data also shows that even if an organization manages employee devices with only a Mobile Device Management (MDM) solution, those employees are just as likely to encounter a phishing attack as organizations that don’t use MDM. The Lookout Mobile Threat Landscape Report is based on data derived from the Lookout Security Cloud’s ever-growing AI-driven mobile dataset of more than 220 million devices, 325 million apps and billions of web items. The Lookout Security Cloud has identified 462 million phishing and malicious sites since 2019. In addition, it leverages AI to analyze data and identify malware, phishing attacks, and other sophisticated network-based threats. Lookout data for Q2 2024 also reveals:

• A substantial uptick of 40.4% in mobile phishing attempts and malicious web attacks targeting enterprise organizations.

• More than 80,000 malicious apps were detected on enterprise mobile devices. Mobile app threats can vary widely, from invasive permissions and riskware that pose significant compliance risks to sophisticated spyware capable of tracking devices, stealing data, eavesdropping on conversations and accessing the user’s camera and microphone.

• In Q2, Lookout protected customers against 47 new mobile malware families, and customers were given enhanced protection against 101 known mobile malware families.
• Top device misconfigurations include out-of-date OS, out-of-date Android Security Patch Levels (ASPL), no device lock and non-app store signer.

• The most critical families of mobile malware continued to lean heavily towards Android surveillanceware.

• The top ten most common mobile app vulnerabilities encountered by Lookout users in Q2 2024 were in components of mobile browsers. Since all mobile devices have a browser, attackers target these vulnerabilities, in particular, hoping users haven't updated to patched versions.

MDM and MTD Serve Different Purposes Lookout data also shows that employees are just as likely to face phishing attacks whether or not their organization manages their mobile devices with MDM. Mobile phishing is a widespread threat that can target any app with messaging capabilities. This includes not only email, SMS, iMessage, WhatsApp, and Telegram but also social media platforms like Instagram, TikTok, LinkedIn, mobile games and even dating apps. MDM focuses on managing and controlling mobile devices within an organization, enforcing policies, and ensuring device compliance. On the other hand, Mobile Threat Defense (MTD) is specifically designed to detect and protect against mobile cybersecurity threats, providing real-time threat detection, remediation, and blocking capabilities. While MDM manages devices, MTD focuses on securing them from potential threats. "Attackers have proven over and over again that targeting employees through mobile-based phishing attacks, such as SMS phishing and voice phishing, can be highly successful. To combat these threats, Lookout recommends implementing a comprehensive defense strategy that safeguards against multiple points of compromise, including mobile, cloud and data protection," said David Richardson, Vice President of Endpoint and Threat Intelligence, Lookout. "MDM solutions are essential for managing enterprise environments and ensuring consistency across devices, but they are not designed to provide security. It's important to view MDMs as a complement to MTD solutions, which can effectively protect against mobile phishing and other threats that MDMs cannot address." Mobile Threat Defense Industry Leadership Backed by a world-class mobile threat intelligence team, Lookout offers a defense-in-depth approach to cybersecurity that is designed to protect an organization’s data against the Modern Kill Chain. With the largest database of threat telemetry, Lookout has a deep understanding of mobile and cloud threats. Lookout Mobile Endpoint Security is the industry’s most advanced MTD solution to deliver mobile endpoint detection and response (Mobile EDR). Lookout provides visibility into mobile threats and state-sponsored spyware, while also protecting against mobile phishing and credential theft that can lead to unauthorized access to sensitive corporate data. Lookout is FedRAMP JAB P-ATO Authorized and available through CDM DEFEND, trusted by enterprise and government customers to protect sensitive data, enabling the workforce to connect freely and safely from any device. Read More: https://www.businesswire.com/news/home/20240910967476/en/New-Lookout-Threat-Research-Proves-Mobile-Security-Should-Be-Central-to-Modern-Data-Protection-Strategies Source Credit: https://www.businesswire.com/news/home/

Researchers warn of a fresh cluster of activity associated with the Predator spyware using a new infrastructure, following the U.S. sanctions against the Intellexa Consortium.

Recorded Future researchers warn that the Predator spyware has resurfaced with fresh infrastructure after a decline caused by US sanctions against Intellexa Consortium. In March 2024, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced actions on two individuals and five entities associated with the Intellexa Consortium for their role in the development and distribution of the commercial Predator spyware used to target Americans. The surveillance software was also used to spy on U.S. government officials, journalists, and policy experts. The Department of the Treasury warns that the proliferation of commercial spyware poses growing risks to the United States. Surveillance software was misused by foreign actors in attacks aimed at dissidents and journalists around the world. The Intellexa Consortium was created in 2019, it has acted as a marketing umbrella for various offensive cyber companies that provide commercial spyware and surveillance tools designed for targeted and mass surveillance campaigns. The name “Predator” spyware was used to refer to a collection of surveillance tools that allows to compromise victims’ devices through zero-click attacks. Predator spyware is known for its extensive data-stealing and surveillance capabilities. In March 2023, the US Government issued an Executive Order on the prohibition on use by the United States Government of commercial spyware that poses risks to national security. In July 2023, the Commerce Department’s Bureau of Industry and Security (BIS) added surveillance technology vendors Intellexa and Cytrox to the Entity List for trafficking in cyber exploits used to gain access to information systems. Following the exposure of the Intellexa group’s operations and sanctions imposed by the US government experts reported a drop in the surveillance firm’s activity and its spyware Predator went out of the radar. Recorded Future now shows that the decline was likely associated with changes in TTPs adopted by the company in an attempt to evade detection. “This resurgence highlights Predator’s ongoing use by customers in countries such as the Democratic Republic of the Congo (DRC) and Angola.” reads the Recorded Future’s report. “While Predator continues to pose significant privacy and security risks, especially to high-profile individuals like politicians and executives, new infrastructure changes make tracking users more difficult. “ Predator spyware operators added several layers to enhance their infrastructure, anonymize operations and evade detection, making it harder to identify which countries are using the spyware. The researchers pointed out that despite these upgrades, the attack chain is unchanged, relying on both “one-click” and “zero-click” exploits as vectors, often exploiting browser vulnerabilities. While no fully remote zero-click attacks, like those seen with Pegasus, have been reported, Predator remains a significant threat, especially for targeting high-profile individuals. “One of the most concerning aspects of Predator’s return is its likely continued targeting of high-profile individuals. Politicians, executives, journalists, and activists are at the highest risk due to the intelligence value they hold for governments or other malicious actors. The costly licensing of Predator further suggests that operators reserve its use for strategic, high-value targets.” concludes the report. “This widespread use of mercenary spyware, particularly against political opposition, has sparked concern in regions like the European Union. Investigations in Greece and Poland have already revealed how spyware has been used against opposition figures and journalists, raising serious questions about the legality and ethics of such surveillance.” Recorded Future says. As the surveillance market grows, governments and cybersecurity professionals must stay proactive. In February, a report published by Google Threat Analysis Group (TAG), titled “Buying Spying, an in-depth report with our insights into Commercial Surveillance Vendors (CSVs)”, warned of the rise of commercial spyware vendors and the risks to free speech, the free press, and the open internet. The surveillance industry is experiencing exponential growth, fueled by the sustained demand from rogue governments, intelligence agencies, and malicious actors for sophisticated malware and surveillance tools. Read More: https://securityaffairs.com/168222/intelligence/predator-spyware-new-infrastructure.html Source Credit: https://securityaffairs.com/

The potential security vulnerability had been found in all Pixel phones sold by Google across the world.

If you own a Google Pixel smartphone, don’t forget to update it with the latest version of the Android software to fix a major security loophole in the device.

A few years ago, Google had reportedly installed a hidden app known as “Showcase.apk” on all Pixel handsets to enable in-store demos of the device at certain stores. Over time, the piece of software became inactive as it was no longer used.

The Slovak Information Service (SIS) owns the notorious Israeli Pegasus spyware, claims Juraj Krupa, an MP from the opposition neoliberal SaS party. “Nobody, really nobody in Slovakia can be certain to have privacy and can communicate in privacy,” Krupa was quoted as saying by state broadcaster STVR. The opposition also wants to open a parliamentary session at the committee overseeing SIS, but the committee is left without a chairman after Maria Kolikova (SaS) was removed by the ruling left-right coalition of populist Prime Minister Robert Fico, which effectively leaves the committee paralysed. SIS has denied the claims it possesses Pegasus, describing this as “disinformation”, while the Minister of Environment Tomas Taraba, a nominee of the far-right SNS party, stated that “it is absolute nonsense, no such purchase has been made”. Minister of Interior Matus Sutaj Estok stated “in a short time we will come up together with the minister of justice [Borus Susko] with a legislative proposal which will absolutely rule out such use of similar eavesdropping systems, bugs respectively, which would know how to destroy privacy”. Pegasus spyware was acquired by the radical rightwing governments of Hungary and Poland and allegedly used to spy on opponents. Poland's new centrist government is investigating the possible misuse of the technology. A special European Parliament committee found that Hungary had grossly misused its power by exploiting the spyware. Fico’s ruling coalition led by his leftist Smer party holds a narrow majority in the parliament and has pursued an aggressive power grab since taking power last autumn, which critics claim follows Hungarian premier Viktor Orban's authoritarian playbook, including sweeping staff changes in police, changes to the criminal code and a makeover of the media landscape in the country. Last month, Pavol Gaspar, son of prosecuted police ex-president and current Smer legislator Tibor Gaspar, was appointed to head the SIS despite criticism of his connections to the criminal ring allegedly involving Gaspar’s relative, the Nitra-based oligarch Norbert Bodor. Slovakia’s new president Peter Pellegrini, whose campaign was backed by Fico’s coalition, stated he has “not found any legal reasons to turn down his [Gaspar’s] nomination”. Pellegrini’s predecessor Zuzana Caputova declined to appoint Gaspar to head the SIS, but Fico’s government restructured SIS and gave Pavol Gaspar the deputy director post with effective control of SIS. Earlier this year, regional outlets, including the VSquare media platform, reported that European intelligence services began to curtail the sharing of information with SIS in response to the staff changes made by Fico’s cabinet. In a separate development, the ruling coalition initiated a no-confidence motion against the vice chairman of the parliament and the opposition leader Michal Simecka in a culmination of public attacks against Simecka and his family, launched by Fico. Fico alleges Simecka's family has benefited from state subsidies through a foundation named after his grandfather, Czechoslovak writer, philosopher and communist-era dissident Milan Simecka. Simecka denies receiving any money from the civil society foundation. One vice chairman (or speaker) post at the parliament is traditionally reserved for a leader of the strongest opposition party, which is Simecka’s centrist Progressive Slovakia. Removing Simecka would mean that all the speakers would be from government parties,  potentially further limiting opposition time in the parliament. Simecka stated publicly that the document filed for his removal from the parliamentary post was penned by SIS chief Pavol Gaspar, saying “how can we trust SIS that it can fulfil its duties when its boss can’t even clear up traces of his involvement?” Read More: https://www.intellinews.com/slovak-spy-agency-has-pegasus-spyware-opposition-claims-342188/?source=israel Source Credit: www.intellinews.com

Colombian President Gustavo Petro has ordered an investigation into the purchase of Pegasus spy software by the country's police force.

President Petro said the spyware was bought - in cash - from an Israeli surveillance firm during the government of his predecessor, Iván Duque.

He added that the software, which can be installed remotely on mobile phones to access people's microphones and cameras, may have been used to spy on political rivals, including himself.

The president's remarks were the first official confirmation that Colombia was among the countries which bought the phone malware.

Pegasus software infects iPhones and Android devices to enable operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras.

Mr Petro revealed the news in a televised address to the nation, saying that he had learned of the purchase through a confidential document.

The president said that Colombia's police intelligence directorate (Dipol) had made two payments of $5.5m (£4.2m) each to Israeli surveillance firm NSO, which had developed the spyware.

NSO has said in the past that its software is intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records.

But Mr Petro queried how $11m in cash could have left the country without any trace of it being recorded in the published budget - and why.

"It is a laundering of assets made from our own state to disrupt the communications of whom?" he asked.

Pegasus spyware hit the headlines in 2021 when a list of 50,000 phone numbers of suspected victims of hacking was leaked to major media outlets.

Among those believed to have been targeted were activists, journalists and politicians from around the world.

President Petro urged the attorney-general's office to investigate the purchase and what police may have used the spyware for.

He also demanded that the head of Colombia's police force hand over all relevant documents related to Pegasus.

It is not the first time the Colombian security forces have been accused of illegally intercepting communication.

Wiretapping scandals have rocked the country repeatedly over the past two decades, leading to the closure of its intelligence agency, the Department of Administrative Services (DAS), in 2011.

Read More: https://www.bbc.com/news/articles/ckg5en18qvxo Source Credit: https://www.bbc.com  

By Harish Kumar GS, Head of Sales, India and SAARC, Check Point Software Technologies As per reports, India has over 1.2 billion mobile phone users and 600 million smart phone users according to  Deloitte’s 2022 Global TMT. As India sees the aggressive rollout of 5G service, it is expected that data consumption will increase to 75GB per month per smartphone user in 2029, way ahead of any completion, according to Ericsson’s Mobility Report for 2023. The surge in mobile device usage within organizations has inevitably opened the floodgates to a new kind of cyber threat—mobile spyware. As the term “spyware” suggests, this kind of threat can often go unnoticed until the damage is done. The growing dependence on mobile technology has made it imperative for organizations to recognize and mitigate the risks associated with mobile spyware. It’s no longer just about enhancing productivity; it’s equally about safeguarding the digital gateways that our mobile devices have become. 2023 has seen that vulnerability increase as mobile threats continue to grow in number and sophistication. Check Point Research revealed that the majority of organizations experienced a mobile malware attack in 2022, with phishing (52%), command and control (25%), and automatic browsing to infected websites (23%) among the most common types of malicious traffic. Banking trojans, designed to steal users’ online banking credentials, and premium dialers, which subscribe to premium rate services without the users’ knowledge, are also on the rise. According to Check Point’s Threat Intelligence Report, over the past six months, the rate of mobile attacks on organizations in India has averaged 7.5% per week, while the global average for attacks per organization stands at 2.2%. In Check Point’s 2023 Mid-Year Cyber Security Report, mobile devices continue to prove a common attack vector. The “FluHorse” malware, for instance, camouflages itself as popular Android applications, aiming to extract Two-Factor Authentication (2FA) codes and other sensitive user data. Another malware, known as “FakeCalls”, simulates over twenty distinctive financial applications and generates fraudulent voice calls, further highlighting the innovative tactics employed by cybercriminals. Understanding Mobile Spyware The subtle yet significant threat of mobile spyware demands attention, as these covert software pieces infiltrate mobile devices, often undetected, and can execute various malicious activities. Furthermore, the real challenge here is spyware’s ability to blend in. Often, it’s hidden in apps that look safe or in updates that seem routine. This sneakiness is what makes spyware so tricky to spot and stop. Users might download an app that seems fine on the surface but secretly carries spyware. Or they could fall for phishing emails, where a simple click on a dubious link or attachment starts the spyware download. The threat becomes even more complicated with “zero-click” malware, a type of spyware that doesn’t need any action from the user to install itself. It takes advantage of weaknesses in the device’s software or operating system. Once it’s in, spyware can do a lot of damage like stealing sensitive company data or personal information, which can lead to serious security breaches and financial losses. Best Practices for Spyware Prevention To tackle the issue of mobile spyware effectively, organizations should embrace a diverse strategy that extends beyond the mere implementation of security measures:

1. Regular software updates: Keeping all mobile software up to date is crucial. Software updates are key since they typically include fixes for security flaws that spyware could potentially exploit.
2. Cyber security training: It’s important to educate employees to identify threats such as suspicious applications and phishing emails. Awareness is a key defense mechanism in the fight against spyware.
3. Robust security policies: Establishing and enforcing comprehensive security policies for mobile device usage can significantly reduce the risk of spyware infections. This includes regulating the installation of apps and the use of public Wi-Fi networks.
4. Advanced security solutions: While the above best practices such as regular security updates, adequate training for employees, and clear security policies go a long way in improving security posture, it takes an advanced security solution to fully prevent and handle mobile spyware.

Read More: https://indiatechnologynews.in/mobile-spyware-a-potential-threat-to-your-organization/ Source Credit: https://indiatechnologynews.in

In an analysis by Clement Lecigne and Josh Atkins from Google’s Threat Analysis Group and Mandiant’s Luke Jenkins, multiple in-the-wild attacks spanning a nine-month period have been confirmed as being attributed to a hacking group known as APT29, which has links to the Russian government. The attacks targeted both Android and iOS users with exploits against Apple Safari and Google Chrome browsers. Here’s what we know and how you can mitigate the risk of falling victim.

The APT29 Attacks Against Chrome and Safari Mobile Browsers Explained

The Google TAG report, authored by Clement Lecigne, and published on August 29, revealed that the exploits being deployed by the Russian state-sponsored APT29 hacking group were the same as those used by commercial spyware vendors in the past. Observed by the Google and Mandiant security analysts between November 2023 and July 2024, the exploits formed part of what is known as a watering hole attack. This is pretty much what you would expect it to be: a cyberattack targeting victims by infecting a website or service that they would ordinarily use and trust. Just like predators who attack their prey by hiding near real watering holes for thirsty animals at their most vulnerable. “The use of watering hole attacks circumvents traditional web security controls like URL categorization filters,” Adam Maruyama, field chief technology officer at Garrison Technology said, “because the owner of the site and the human-readable content hosted there are legitimate, leaving only a few layers of protection between the end user’s device and the malicious webcode.” The threat becoming even more acute on mobile devices, Maruyama continued, “where few users have endpoint protection products to stop even known exploits, leaving unpatched devices vulnerable.” The prey in these particular attacks were Mongolian government websites, although the same tactic would apply to any targeted victim. State-sponsored groups such as APT29 tend to go for big game, as it were, being commercial and government organizations that benefit their paymasters most. The common denominator was that the victims were using the Safari browser on older versions of iOS (those before 16.6.1) initially and then Android users running the m121 to m123 versions of the Chrome browser. It should be noted that fixes had already been made available for the vulnerabilities exploited in these attacks, but users who were using unpatched versions were at risk. The Chrome campaign against Android users followed a similar pattern but required an “additional sandbox escape vulnerability to break out of Chrome site isolation,” Lecigne said. The site isolation function means that attackers must chain a number of vulnerabilities together for success, which, while not impossible, as this attack shows, requires more capability and resources. “Although the trend in the mobile space is towards complex full exploit chains,” Lecigne said, “the iOS campaign is a good reminder of the fact that a single vulnerability can inflict harm and be successful.”

Mitigating Against Watering Hole Attacks

"Cybersecurity arrangements must be agile and constantly updated to keep up with the evolving threat landscape. Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls,” Spencer Starkey, a vice-president at SonicWall said, “and companies must be able to quickly adapt and respond to these threats.” Organizations should certainly be looking at deploying such things as hardware-enforced browser isolation which pushes code execution away from the end user device and into a sandboxed environment. “Putting the code execution in a sandbox ensures that the user has access to the information presented on the page,” Maruyama said, “but is not exposed to malicious code presented when a less-secure government’s websites are turned into watering holes.” End users, meanwhile, should always ensure that their devices, and the apps installed upon them, are updated with the very latest security patches. Read More: https://www.forbes.com/sites/daveywinder/2024/09/02/android-and-ios-users-attacked-by-russian-apt29-hackers-google-warns/ Source Credit: https://www.forbes.com/

In recent years, elite commercial spyware vendors like Intellexa and NSO Group have developed an array of powerful hacking tools that exploit rare and unpatched “zero-day” software vulnerabilities to compromise victim devices. And increasingly, governments around the world have emerged as the prime customers for these tools, compromising the smartphones of opposition leaders, journalists, activists, lawyers, and others. On Thursday, though, Google's Threat Analysis Group is publishing findings about a series of recent hacking campaigns—seemingly carried out by Russia's notorious APT29 Cozy Bear gang—that incorporate exploits very similar to ones developed by Intellexa and NSO Group into ongoing espionage activity.

Between November 2023 and July 2024, the attackers compromised Mongolian government websites and used the access to conduct “watering hole” attacks, in which anyone with a vulnerable device who loads a compromised website gets hacked. The attackers set up the malicious infrastructure to use exploits that “were identical or strikingly similar to exploits previously used by commercial surveillance vendors Intellexa and NSO Group,” Google’s TAG wrote on Thursday. The researchers say they “assess with moderate confidence” that the campaigns were carried out by APT29.

These spyware-esque hacking tools exploited vulnerabilities in Apple's iOS and Google's Android that had largely already been patched. Originally, they were deployed by the spyware vendors as unpatched, zero-day exploits, but in this iteration, the suspected Russian hackers were using them to target devices that hadn't been updated with these fixes.

“While we are uncertain how suspected APT29 actors acquired these exploits, our research underscores the extent to which exploits first developed by the commercial surveillance industry are proliferated to dangerous threat actors,” the TAG researchers wrote. “Moreover, watering hole attacks remain a threat where sophisticated exploits can be utilized to target those that visit sites regularly, including on mobile devices. Watering holes can still be an effective avenue for … mass targeting a population that might still run unpatched browsers.”

It is possible that the hackers purchased and adapted the spyware exploits or that they stole them or acquired them through a leak. It is also possible that the hackers were inspired by commercial exploits and reverse engineered them by examining infected victim devices.

State department policy will allow US to impose visa restrictions on individuals involved in misuse of spyware.

The US said it will impose global visa restrictions on individuals who have been involved in the misuse of commercial spyware, in a move that could affect major US allies including Israel, India, Jordan and Hungary.

The new policy, unveiled on Monday, underscores how the Biden administration continues to see the proliferation of weapons-grade commercial spyware – which has been used by governments around the world against hundreds of political dissidents, human rights advocates, journalists and lawyers – as a major threat to US national security and counterintelligence capabilities.

The move comes three years after the administration placed Israel’s NSO Group on a commerce department blacklist and issued an executive order prohibiting the US government’s own use of commercial spyware. Israeli companies lead the world in producing commercial spyware and the Biden administration’s tough stance on those companies has emerged as a diplomatic sore point between the two allies.

When it is successfully used against a target, spyware like NSO’s Pegasus can infiltrate any phone without a user knowing. Intelligence or other government agencies using a spyware like Pegasus can silently gain access to a mobile phone user’s photographs, phone conversations and texts, and messages shared via encrypted apps like WhatsApp and Signal. It can even be used as a remote listening device.

In a statement, Antony Blinken, the US secretary of state, said the misuse of commercial spyware has been linked to “arbitrary detentions, forced disappearances and extrajudicial killings in the most egregious of cases”.

It is not entirely clear what specific extrajudicial killing Blinken was referring to, but the Guardian and other media outlets have previously reported that close associates of the Saudi journalist Jamal Khashoggi had been targeted and hacked with Pegasus before his murder by Saudi agents inside the Saudi embassy in Istanbul in October 2018.

NSO has previously said its technology “was not associated in any way with the heinous murder of Jamal Khashoggi”.

For the US government, the proliferation of spyware – even when it is used by close allies – has for years been seen as a threat to security, especially against US government employees,like diplomats and intelligence officials who are stationed abroad. A senior administration official on Monday said that more than 50 US government personnel in 10 countries and 3 continents have been targeted by spyware in recent years.

In the constant cat-and-mouse game between spyware companies and those experts trying to stop the sophisticated technology from infecting phones, companies like Apple have notched up some victories. Researchers who study hacking have said that they have found evidence of individuals who use Apple’s “lockdown” security function of being targeted but not successfully infected by spyware.

Yet it remains a major issue, including in Jordan, where Access Now, an advocacy group, recently reported nearly three dozen cases of individuals who were targeted or hacked by Pegasus.

The state department said on Monday that the visa restrictions would also apply to individuals in countries that do not usually require a visa to enter the US, like EU countries and Israel. It is considered a “global” visa ban, so individuals who are potentially subject to the sanction would be notified that they are no longer eligible for visa-free travel and would need to apply for a visa at a US consulate if they are seeking to enter the US.

According to guidance issued by the state department, the ban will restrict entry for individuals believed to be involved in the misuse of commercial spyware “to target, arbitrarily or unlawfully surveil, harass, suppress, or intimidate individuals including journalists, activists, other persons perceived to be dissidents for their work, members of marginalized communities or vulnerable populations, or the family members of these targeted individuals”.

The visa ban will also affect individuals believed to facilitate or derive financial benefit from the misuse of commercial spyware and their immediate families. While the visa ban would not directly affect US financial firms or investors involved in the spyware industry, a senior administration official said that its actions would send an “important signal” about the risks associated with the industry.

Read More: https://www.theguardian.com/us-news/2024/feb/05/us-biden-administration-global-spyware-restrictions Source Credit: https://www.theguardian.com/

An opposition MP has been charged with alleged crimes committed while serving in the former Law and Justice (PiS) government. Michał Woś, however, not only denies wrongdoing but argues that the charges are invalid because they were brought by illegitimately appointed prosecutors. Woś on Tuesday appeared at the National Prosecutor’s Office in connection with his role in alleged abuses relating to the purchase of Pegasus spyware using justice ministry funds in 2017, when he was a deputy justice minister. Woś also later served as environment minister. Afterwards, a spokesperson for the prosecutor’s office announced that the politician had been charged with exceeding his authority and failing to fulfil his obligations, crimes that could carry a prison sentence of up to ten years. He was also placed under police supervision. The charges were made possible after Prime Minister Donald Tusk’s ruling coalition – which replaced PiS in power at the end of last year – voted to strip Woś of parliamentary immunity in June following a request from Adam Bodnar, who serves as prosecutor general and justice minister. The case relates to a decision made in 2017 to transfer 25 million zloty (€5.8 million) from a justice ministry fund to the Central Anticorruption Bureau (CBA) to finance the purchase of Pegasus, a type of powerful Israel-made spyware that allows the harvesting of data from mobile devices. Bodnar said that those funds were transferred despite “it being known that the [CBA] did not meet the conditions for obtaining such financial support” and Woś therefore failed to fulfil his duties regarding managing public funds. In April, Bodnar revealed that hundreds of people had been surveilled using Pegasus during PiS’s time in power. Some of those targets were prominent opponents of the government, including the manager of the opposition’s election campaign in 2019. Read More: https://notesfrompoland.com/2024/08/28/opposition-mp-charged-over-alleged-crimes-when-minister-in-former-pis-government/ Source Credit: https://notesfrompoland.com

Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware campaign targeting three banks in Czechia. The malware "has the unique ability to relay data from victims' payment cards, via a malicious app installed on their Android devices, to the attacker's rooted Android phone," researchers Lukáš Štefanko and Jakub Osmani said in an analysis. The activity is part of a broader campaign that has been found to target financial institutions in Czechia since November 2023 using malicious progressive web apps (PWAs) and WebAPKs. The first recorded use of NGate was in March 2024. The end goal of the attacks is to clone near-field communication (NFC) data from victims' physical payment cards using NGate and transmit the information to an attacker device that then emulates the original card to withdraw money from an ATM. NGate has its roots in a legitimate tool named NFCGate, which was originally developed in 2015 for security research purposes by students of the Secure Mobile Networking Lab at TU Darmstadt. The attack chains are believed to involve a combination of social engineering and SMS phishing to trick users into installing NGate by directing users to short-lived domains impersonating legitimate banking websites or official mobile banking apps available on the Google Play store. As many as six different NGate apps have been identified to date between November 2023 and March 2024, when the activities came to a halt likely following the arrest of a 22-year-old by Czech authorities in connection with stealing funds from ATMs. NGate, besides abusing the functionality of NFCGate to capture NFC traffic and pass it along to another device, prompts users to enter sensitive financial information, including banking client ID, date of birth, and the PIN code for their banking card. The phishing page is presented within a WebView. "It also asks them to turn on the NFC feature on their smartphone," the researchers said. "Then, victims are instructed to place their payment card at the back of their smartphone until the malicious app recognizes the card." The attacks further adopt an insidious approach in that victims, after having installed the PWA or WebAPK app through links sent via SMS messages, have their credentials phished and subsequently receive calls from the threat actor, who pretends to be a bank employee and informs them that their bank account had been compromised as a result of installing the app. They are subsequently instructed to change their PIN and validate their banking card using a different mobile app (i.e., NGate), an installation link to which is also sent through SMS. There is no evidence that these apps were distributed through the Google Play Store. In a statement shared with The Hacker News, Google confirmed that it not did not find any app containing the malware on the official Android marketplace. The company also said users are automatically protected against known versions of NGate by Google Play Protect, which is enabled by default on Android devices with Google Play Services, even when the apps are downloaded from third-party sources. "NGate uses two distinct servers to facilitate its operations," the researchers explained. "The first is a phishing website designed to lure victims into providing sensitive information and capable of initiating an NFC relay attack. The second is an NFCGate relay server tasked with redirecting NFC traffic from the victim's device to the attacker's." The disclosure comes as Zscaler ThreatLabz detailed a new variant of a known Android banking trojan called Copybara that's propagated via voice phishing (vishing) attacks and lures them into entering their bank account credentials. "This new variant of Copybara has been active since November 2023, and utilizes the MQTT protocol to establish communication with its command-and-control (C2) server," Ruchna Nigam said. "The malware abuses the accessibility service feature that is native to Android devices to exert granular control over the infected device. In the background, the malware also proceeds to download phishing pages that imitate popular cryptocurrency exchanges and financial institutions with the use of their logos and application names." Read More:- https://thehackernews.com/2024/08/new-android-malware-ngate-steals-nfc.html Source Credit: https://thehackernews.com/

In a new twist on phishing tactics, ESET analysts have uncovered a series of sophisticated campaigns targeting mobile users by leveraging Progressive Web Applications (PWAs). This use of PWAs, which are essentially websites functioning as standalone apps, sets this phishing campaign apart. Unlike traditional phishing techniques, these attacks instruct iOS users to add the PWA to their home screens, while Android users are prompted to install a WebAPK. The key concern is that these phishing applications do not require users to approve third-party installations, bypassing typical security warnings. On Android, the phishing WebAPK even apes a legitimate Google Play installation – a cunning way of increasing the deception. ESET analysts note that these apps are almost indistinguishable from genuine banking applications, making it highly difficult for users to identify the threat. The technique was initially disclosed by CSIRT KNF in Poland in July 2023, and observed in November 2023 in the Czech Republic by ESET researchers. It targeted clients of a prominent Czech bank and raised alarms due to its cross-platform reach and stealthy installation methods. ESET’s research highlights the dangers posed by these emerging threats, which are now affecting mobile banking security on both iOS and Android devices.

Geographic Reach and Victim Impact

The campaigns have extended their tentacles to target other regions, including Hungary and Georgia. Specifically, attacks were observed against OTP Bank in Hungary and a Georgian Bank. The cross-platform nature of PWAs enables the global reach of these campaigns, as the malicious app are able to operate on iOS and Android devices. ESET’s research also reveals that two distinct threat actors are behind these campaigns. However, the analysts discovered different Command and Control (C&C) infrastructures, suggesting that multiple groups are exploiting this novel phishing method.

Delivery Mechanisms and Attack Flow

The campaigns use various methods to deliver phishing URLs, including automated voice calls, SMS messages, and malicious ads on social media platforms like Facebook and Instagram. These tactics lure users with tempting offers or warnings about outdated banking apps, leading them to download the phishing application. Once installed, the apps prompt users to enter their banking credentials, which are then transmitted to the attacker’ C&C servers. In some cases, stolen information is logged via Telegram bots, while other campaigns rely on traditional C&C servers with administrative panels.

Mitigation Efforts

ESET has taken proactive steps to mitigate the impact of these phishing campaigns. By identifying and reporting compromised accounts, the company has worked with affected banks to protect customers. Additionally, ESET has been involved in the takedown of multiple phishing domains and C&C servers. This phishing method is a significant threat to mobile banking security. Its stealthy installation of PWAs and WebAPKs slips through traditional security nets, making it hard for users to recognize the danger. ESET analysts warn that more copycat applications could emerge in the coming months, posing a continued risk to mobile users worldwide. Read More:- https://informationsecuritybuzz.com/phishing-campaign-target-mobile-pwas/ Source Credit: https://informationsecuritybuzz.com/

Cybersecurity experts have recently identified a new mobile spyware, known as LianSpy, that specifically targets Android smartphones.This malicious software is designed to operate covertly in the background of a user's device, without being visible on the home screen.It has been found to be particularly active in Russia but its methods could potentially be applied globally.

LianSpy's stealthy operation and data theft

LianSpy was first detected in March 2024, but evidence suggests it has been operating covertly for at least three years.Unlike other spyware, this one requires user interaction to fully integrate into their device.Once activated, it asks for necessary permissions to use overlays, read contacts, and access call logs.If these permissions are not granted, LianSpy will request them from the user by masquerading as a system application or financial services app.

LianSpy's unique approach to data theft

Interestingly, LianSpy does not target banking information. Instead, it focuses on monitoring user activity on their Android device.The spyware is capable of stealing call logs, sending installed applications to its own servers, and recording a user's screen, without giving any clue to the user.It operates stealthily in the background using root privileges or superuser permissions that provide the highest level of access to an Android device.

LianSpy's evasion of Android security measures

When an app uses the phone's camera or microphone, an alert appears on the staus bar.However, LianSpy cleverly conceals its activity by exploiting root privileges to bypass the Android system's notification alerts.This means it can secretly record audio and video without any visible warning to the user.The spyware is a Trojan malware, meaning it can be delivered onto select Android devices via seemingly authentic files or apps like a software update, email attachment, or a scam app.

How to protect your Android device from spyware

To protect against spyware like LianSpy, users are advised to download apps only from official stores such as Play Store and websites.However, even these platforms can sometimes be infiltrated by malicious software.It's recommended that users only download necessary apps from trusted sources such as legitimate companies or brands.Regularly updating the device's operating systems is also crucial as malware often struggles to adapt to new security features and bug fixes.

Read More:- https://www.newsbytesapp.com/news/science/android-spyware-records-screen-steals-data-how-to-stay-safe/story Source Credit: https://www.newsbytesapp.com/

Following a major breach of the European Parliament’s recruitment system in April 2024, when sensitive personal information was exposed, digital rights NGO Noyb filed two legal complaints for alleged data protection law violations on Thursday (22 August), against the EU institute. In May, the Parliament said it experienced a data beach in its recruitment application, PEOPLE, used to hire temporary staff. The breach was confirmed to have taken place in April, when sensitive personal data was exposed such as identity documents, criminal records, and work experience. Concerns had been raised at the time, about the delayed notification and the potential misuse of the compromised data. The Parliament recommended affected individuals replace their IDs and passports as a precaution, offering to cover the associated costs. Now, the NGO Noyb, the European Center for Digital Rights, has filed two complaints with the European Data Protection Supervisor (EDPS) on behalf of four Parliament employees, noting that the data of more than 8,000 staff was affected, including the data of former employees. “As an EU citizen, it is worrying that EU institutions are still so vulnerable to attacks. Having such information floating around is not only frightening for the individuals affected, but it can also be used to influence democratic decisions,” said Max Schrems, activist and chairman of Noyb. Back in May, the EDPS confirmed to Euractiv that they had been notified about the breach in less than 72 hours, from the moment the Parliament became aware of it. Euractiv contacted the EDPS for a comment, but they declined, saying they do not provide statements on complaints. The supervisor can, however, investigate complaints and use corrective measures if EU institutions violate data protection rules, including issuing warnings, enforcing compliance with data access requests, banning data processing operations, imposing fines, or referring cases to the Court of Justice of the European Union. The complaints Nyob believes the breach highlights the Parliament’s non-compliance with the General Data Protection Regulation’s (GDPR) data minimisation and retention requirements. The GDPR’s data minimisation rules require organisations to collect and retain the minimum amount of personal data, necessary for a specific purpose. The retention requirement sets limits on how long this data can be stored, ensuring it is not kept longer than necessary. One of the legal complaints involves the Parliament’s refusal to erase data after the breach, citing a 10-year retention policy, despite the complainant’s concerns and the fact that they had not worked at the EU institution for years. The NGO also urged the EDPS to use its corrective powers to bring the EU institute into compliance and impose an administrative fine to prevent future violations. Under GDPR, data should only be processed when necessary and relevant, according to Noyb. The Parliament’s 10-year retention period of recruitment files exceeds this standard, so raising concerns. Especially since these files may include sensitive data that should be protected under GDPR including; ethnicity, political opinions, and sexual orientation. For instance, one of the legal complainants highlights that an uploaded marriage certificate inadvertently revealed the sexual orientation of a staff member, the  NGO points out. According to Noyb, the hack is especially concerning given the Parliament’s known cybersecurity weaknesses. A November 2023 review found its defences were below industry standards, and not fully aligned with threats from state-sponsored hackers. The PEOPLE breach is part of a series of cyberattacks, including Russian hacks in 2022 and 2023, and Israeli spyware discovered on members of European Parliament’s devices in early 2024. Read More:- https://www.euractiv.com/section/cybersecurity/news/digital-rights-ngo-files-complaints-against-european-parliament-for-data-breach/ Source Credit: https://www.euractiv.com/

Iltija Mufti, political adviser and daughter of former Jammu and Kashmir chief minister Mehbooba Mufti, reported receiving the alert, and so did Pushparaj Deshpande, founder of the Samruddha Bharat Foundation

At least two people in India on July 10 reported receiving a Pegasus-like alert from Apple, Inc. on their iPhones. The alerts, sent out on Tuesday night, warn them that they have been targeted by a targeted “mercenary” attack. Apple previously called these attacks “state-backed,” but changed this in April. Such spyware allows attackers to sift through targets’ personal devices, allowing them to view messages, photos, and tap into microphone and camera feeds in real time.

America is under attack, and the weapon of choice is disguised as a shopping app on your phone. Temu, the Chinese e-commerce giant, has lured millions of Americans with its promise of unbeatable prices and convenience. But behind the flashy deals lies a dark reality: Temu isn’t just selling you cheap trinkets—it's stealing your data, violating your privacy, and potentially compromising national security. This isn’t the first time we’ve faced such a threat. From Huawei to TikTok, the pattern is clear. The evidence against Temu is damning, and the time for action is now. Arkansas Attorney General Tim Griffin has sounded the alarm, filing a bombshell lawsuit that exposes Temu for what it really is: "dangerous malware" and a "data-theft business." This isn't just another shopping app; it's a sophisticated spying tool that gives itself "unrestricted access" to everything on your phone—your messages, your photos, even your fingerprints! But it gets worse. Temu is led by former Chinese Communist Party officials, making it a direct pipeline of American data straight to Beijing. Under China's draconian laws, Temu is legally obligated to hand over all that juicy information to the Chinese government. This isn't just about stolen selfies or embarrassing text messages—it's about national security. Imagine if sensitive data from millions of Americans, including military personnel or government employees, were to fall into the hands of a foreign adversary. The implications for our national defense and public safety are staggering. The accusations are staggering:

• Temu allegedly installs hidden spyware on your device, monitoring your every digital move.
• The app can reportedly override your privacy settings, access your camera, and even read your private messages.
• There are serious concerns that Temu products may be made with Uyghur slave labor, violating U.S. laws and contributing to one of the most egregious human rights abuses of our time.

The Chinese government’s brutal crackdown on the Uyghur population in Xinjiang has led to widespread forced labor, and by purchasing from Temu, Americans may unwittingly be supporting this atrocity. The moral and legal consequences of allowing such a company to operate unchecked on American soil are profound. Temu has already been kicked off app stores once for "nefarious activities." Now it's time to act: Temu isn't just a harmless shopping app—it's a Trojan horse, designed to infiltrate our phones, our lives, and our nation's security. The Chinese Communist Party is laughing all the way to the data bank while Americans unknowingly hand over their digital lives. Other countries are beginning to recognize and address similar threats, and the United States must take a leadership role in safeguarding its citizens. It's time to shut down Temu before it's too late. Congress, state leaders, it's time to act. Protect America—ban Temu now. Brian J. Cavanaugh served on the National Security Council from 2018–2021 as the Senior Director for Resilience under Presidents Trump. He is currently the Senior Vice President of Homeland Security and Technology at American Global Strategies, a firm founded by former National Security Advisor Robert O’Brien and NSC Chief of Staff Alex Gray. Read More:- https://www.realclearpolicy.com/articles/2024/08/16/temu_the_trojan_horse_in_your_pocket_-_a_national_security_nightmare_unfolding_1052169.html Source Credit: https://www.realclearpolicy.com/

Google LLC has committed to removing a dubious application found on some or all Pixel phones following a report about it representing a serious security vulnerability, be it that the severity of the vulnerability is in dispute. A report released today by mobile device security company iVerify LLC, in conjunction with the security team at Palantir Technologies Inc., detailed the discovery of a serious Android security vulnerability that the report says affects millions of Pixel devices globally. The vulnerability makes Android accessible to cybercriminals to perpetrate man-in-the-middle attacks, malware injections and spyware installations. The vulnerability relates to an Android app package called Showcase.apk. Per the iVerify report, the application runs at the system level and can fundamentally change the phone’s operating system. The application package is installed over unsecured HTTP protocols, opening a backdoor that makes it easy for cybercriminals to compromise the device. The report notes that users cannot remove the app since it’s part of the firmware image and Google does not allow end-users to alter the firmware image for security reasons. “While we don’t have evidence this vulnerability is being actively exploited, it nonetheless has serious implications for corporate environments, with millions of Android phones entering the workplace every day,” Rocky Cole, co-founder and chief operations officer of iVerify, said in a statement sent to SiliconANGLE. “Google is essentially giving CISOs the impossible choice of accepting insecure bloatware or banning Android entirely.” The report also claimed that Google was also made aware of the vulnerability, with iVerify submitting a detailed report on what the issue is. “It’s unclear if Google will issue a patch or remove the software from the phones to mitigate the potential risks,” the report states. Though Google has admitted that the file may cause security issues, the search giant indicated the exposure and potential security risk isn’t as widespread as it may appear. A spokesperson from Google who spoke with CNET claims that the app was developed by Smith Micro Software Inc. for Verizon Communications Inc. and is not an Android or Pixel vulnerability. It’s also claimed that the app was only used for in-store devices and that the app is no longer being used. Further, Google disputes the risk presented by it. “Exploitation of this app on a user phone requires both physical access to the device and the user’s password… we have seen no evidence of any active exploitation,” the spokesperson added. “Out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update.” The claims come after Google announced its latest Pixel lineup at an event on Aug. 13. Google announced a new family of Pixel 9 smartphones, along with the Pixel 9 Pro Fold, that feature the company’s artificial intelligence Gemini family of models. Read More:- https://siliconangle.com/2024/08/15/google-remove-potentially-risky-app-pixel-devices-following-security-report/ Source Credit: https://siliconangle.com/  

A significant security flaw found in Google Pixel phones could put millions of users' data at risk, according to a new report.

The malware hides itself on the home screen and operates stealthily in the background, managing to "steal" confidential data and monitor user activity. The rise of smartphones has also led to a rise in hackers, who, in turn, create apps designed to steal sensitive data and spy on a user's day-to-day activity. Spyware tends to be selective about its victims, typically targeting members in a single company or a certain area. The latest mobile spyware discovery, dubbed LianSpy, targets Android smartphones in Russia. However, its unorthodox approaches to tracking user data can be applied in other regions as well, meaning all Android users should potentially take note. LianSpy was discovered in March 2024, though it has been active for far longer, operating in the shadows for at least three years. Unlike other spyware, LianSpy requires users to take some action in order to fully launch and integrate itself in a user's phone. Upon launching, the malware will run a check to see if has the necessary "permissions" to use overlays, read contacts, and access call logs. If it doesn't, the spyware will "request" permission from the user, disguising itself as a system applications and financial services app to do so. Despite its "disguise," LianSpy isn't interested in a user's banking data. Instead, it monitors a user's activity while they use their Android device, intercepting call logs, sending installed applications to its own servers, and recording a user's screen. LianSpy hides itself on a user's home screen and manages to stealthily operate in the background using root privileges. Also known as root access or superuser permissions, root privileges give Android users the "highest" level of access to their device. This allows users to bypass manufacturer restrictions and:

• Replace or modify a device's operating system
• Install any apps, including specialized apps or apps not typically available on Android devices
• Customize the device, e.g. changing the home screen or using ad blockers

By using root privileges, LianSpy can bypass Android status bar notifications, which are used to alert users when their phone is actively using its microphone or camera to record. LianSpy is a Trojan malware, which makes it especially difficult to find. Also known as a Trojan Horse virus, LianSpy was likely delivered on select Android devices via "legitimate" files or apps, like a software update, email attachment, or a scam app. Spyware isn't going away anytime soon, with hackers only growing more sophisticated as technology develops. Downloading apps only from official stores and catalogs is a good start, but spyware does manage to infiltrate even those. A good rule of thumb is to only download apps you need, and ensure that you're downloading applications from a trusted source, like a legitimate company or brand. Android users should also only use well-known apps from trusted developers, and avoid "alternative" clients for messaging, like WhatsApp or Signal. Conducting a spyware "sweep" from time to time can also be beneficial. Giving a thorough look through your existing applications, permissions, and system preferences can help detect unwanted or unnecessary applications and permissions, allowing users a chance to update or delete those as needed. Users with Android devices should also update their operating systems regularly, as malware can't always adapt to new security features and bug fixes. Using spyware detection tools can occasionally be helpful, though some spyware can manage to avoid detection. Read More:- https://www.the-sun.com/tech/12188412/android-spy-app-hides-phone-records-screen-stay-safe/ Source Credit: https://www.the-sun.com/

Victims of Pegasus hacking will be notified and criminal proceedings could be brought against former officials

Poland has launched an investigation into its previous government’s use of the controversial spyware Pegasus, with a parliamentary inquiry under way and the possibility of criminal charges being brought against former government officials in future.

Adam Bodnar, Poland’s new justice minister, told the Guardian that in coming months the government would notify people who were targeted with Pegasus. Under Polish law, they would then have the possibility of seeking financial compensation, and becoming party to potential criminal proceedings.

“There is a decent chance that within a couple of months we’ll have quite extensive knowledge how this equipment was used and for what purpose,” said Bodnar.

On the possibility of future legal action, he added: “We don’t know who will be accused … if the investigation goes into the direction of accusing some persons, some ministers or officers of the security services.”

Pegasus is a powerful tool designed by Israeli company NSO Group. It is capable of taking control of a target’s mobile phone, accessing data from secure messaging apps and even turning the device into a recorder.

In 2021, a consortium of media outlets, including the Guardian, accessed a data leak that showed thousands of phone numbers that were targeted by Pegasus in various countries. It also revealed that the spyware tool had been used against media and civil society in numerous places, including in Hungary under the prime minister, Viktor Orbán.

Later that year, a separate investigation by the University of Toronto’s Citizen Lab revealed the use of Pegasus in Poland, including against targets linked to the Civic Platform party, then in opposition and now the main party in the governing coalition after parliamentary elections last October. The alleged targets included MEP Krzysztof Brejza, who at the time was running an election campaign for Civic Platform.

After the coalition, led by Civic Platform’s Donald Tusk, won Poland’s parliamentary elections last autumn, the new government promised to investigate alleged abuses of office by the rightwing nationalist Law and Justice (PiS) administration. The new authorities have replaced the management of state-controlled television, and set in train moves that could lead to the governor of the central bank, PiS ally Adam Glapiński, being removed from his post.

The parliamentary commission on Pegasus has begun amid widespread speculation of who else may have been targeted by the software. Magdalena Sroka, the MP heading the parliamentary commission, said after the first meeting of the panel: “Too long we’ve been lied to about Pegasus by PiS and we’re going to get to the bottom of it now.”

Bodnar – a lawyer and former human rights ombudsman appointed by Tusk as justice minister – said the full list remained confidential for now, but added that it included many more well-known peoplethan the few political figures already named. “This list is significantly more extensive than the list that has been made public already, a lot of other interesting public people,” he said.

Because Pegasus may also have been used in legitimate criminal investigations, it would be inappropriate simply to release a list of targeted numbers, said Bodnar. “You cannot just give away this data, even if the spyware is illegal,” he said.

Instead, the justice ministry and intelligence services plan to make a judgment on cases that appear to have been politicised or abusive and inform people individually by letter that they had been targeted. Then the person can make a decision themselves on whether to go public with the information or join in future legal action over the surveillance.

The legal side of the use of Pegasus also requires further investigation. Experts say that while court orders for surveillance were usually obtained, judges were not given full information about what exactly they were signing off on.

Bodnar said: “Apparently all those requests for using Pegasus had court authorisation, but most probably the courts didn’t know what kind of equipment would be used … They were authorising this but they did not know that [it involved] a programme that doesn’t have proper authorisation, and the data is going to Israel.”

Wojciech Klicki, a lawyer and activist with the Panoptykon Foundation, noted that judges would typically not even see the name of the person for whom they were approving a court order for surveillance.

“The system is constructed in a way that encourages judges to make automatic approvals of surveillance requests,” he said, during a recent panel discussion on the topic. “In the past couple of years the Warsaw district court saw a couple of dozen surveillance applications being submitted every day,” he added.

Polish authorities are believed to have stopped using Pegasus in 2021, around the time the Guardian and others publicised details of the spyware, including revelations that the numbers targeted by clients were also logged by NSO Group, creating a potential security breach.

The parliamentary inquiry is calling several key figures from the previous PiS government to give testimony, and has already taken testimony from PiS chairman Jarosław Kaczyński.

Klicki said that while it was important to uncover abuses of the past, he hoped the parliamentary commission would also tackle improving the legal framework long term. “It is equally important to look into the future … Otherwise we will forget that these technologies are evolving,” he said.

Additional reporting by Katarzyna Piasecka

Read More:- https://www.theguardian.com/world/2024/apr/01/poland-launches-inquiry-into-previous-governments-spyware-use Source Credit: https://www.theguardian.com/

Preliminary checks showed that about 13,000 students from 26 secondary schools in Singapore had their devices wiped remotely by a hacker, said the Ministry of Education on Monday (Aug 5). SINGAPORE: The Mobile Guardian application will be removed from all students' personal learning devices after a global cybersecurity breach affected about 13,000 secondary school students in Singapore. The students, from 26 secondary schools, had their devices wiped remotely by the perpetrator. Mobile Guardian is a device management app installed on personal learning devices used by students. It enables parents to manage students’ device usage by restricting applications or websites and screen time. In a media statement on Monday (Aug 5), the Ministry of Education (MOE) said it was alerted by schools late Sunday night that some students who use iPads or Chromebooks as personal learning devices could not access their apps and information stored in them. "MOE immediately registered strong concerns with mobile device management company Mobile Guardian," the ministry said. "Mobile Guardian’s investigations found that there had been a global cybersecurity incident involving unauthorised access to its platform that affected their customers globally, including those in Singapore." Mobile Guardian said it was alerted to suspicious activity on its platform at 10pm Singapore time on Sunday and detected unauthorised access to the iOS and ChromeOS devices enrolled to its platform. It affected users globally, including North America, Europe and Singapore. "This resulted in a small percentage of devices to be unenrolled from Mobile Guardian and their devices wiped remotely. "There is no evidence to suggest that the perpetrator had access to users’ data," Mobile Guardian said on its website. Mobile Guardian added that it has halted its services to prevent further unauthorised access. "As a precautionary measure, MOE will remove the Mobile Guardian Device Management Application from all iPads and Chromebooks," said Singapore's Education Ministry "Efforts are underway to safely restore these devices to normal usage. MOE is considering other mitigating measures to regulate device usage to support learning during this period." MOE noted that Sunday's incident was not related to earlier technical issues students faced at the end of July due to a human error in configuration by Mobile Guardian. "We understand that students are naturally concerned and anxious about the incident," said MOE. "MOE is working with schools to support affected students, including deploying additional IT roving teams to schools and providing additional learning resources." The incident comes after a similar one in April when the personal information of parents and staff members from 127 schools was accessed through Mobile Guardian in a data security breach. Read More:- https://www.channelnewsasia.com/singapore/mobile-guardian-application-remove-cybersecurity-incident-moe-4526676 Source Credit: https://www.channelnewsasia.com/

The vulnerability can allow hackers to “gain elevated privileges and obtain sensitive information on the targeted system”

The Indian Computer Emergency Response Team (CERT-In), which is a cybersecurity agency, warns Android users of facing cybersecurity issues. CERT-In explained that they have spotted high risk threats in Android versions prior 12, v12L, v13, and v14. The research team has already issued warnings of ‘high severity risk’ for people who are still using the above mentioned Android versions.

CERT-In issues security alert

CERT-In explained that, if exploited, the vulnerability can allow hackers to “gain elevated privileges and obtain sensitive information on the targeted system”. This means that the affected users’ devices could be controlled by a hacker. They can then eventually access and steal sensitive information from a victim’s device. The cybersecurity agency further added that these vulnerabilities can exist in Android due to “flaws in the System, Google Play system updates, Framework, Kernel MediaTek components, Qualcomm components, Arm components, Imagination Technologies, and Qualcomm close-source components”. This means that if your device runs on Android versions prior to Android 12l, Android 12, Android 14, and Android 13, then you can face issues in the above-mentioned components. However, this is not the first time that CERT-In has issued warnings against security issues for smartphone users. Last year “Multiple vulnerabilities have been reported in Samsung products that could allow an attacker to bypass implemented security restrictions, access sensitive information, and execute arbitrary code on the targeted system,” CERT-In had said in a note.

Safety road ahead

So, how can you protect your device? The CERT-In has come up with some guidelines that could protect you from this exploit. Given below are the steps through which you can protect yourself:

• In case you suspect that your device has been compromised, always initiate a factory reset
• Next you should regularly back up your data to an external source or cloud service.
• Try to keep an eye on your device’s activity for any unusual behaviour. This could include sudden slowdowns, automated installation of unknown apps or unexpected pop-ups redirecting you links automatically
• You should try to avoid clicking on unknown links
• Always be cautious of unknown emails, messages or links, especially those that ask for personal information or credentials
• Use trusted sources: Only download apps from trusted sources like the Google Play Store.
• Try to consider installing reputable security software on your device.
• You need to regularly review the permissions that you have granted to your apps
• Lastly always go for automatic updates for both your apps and operating system

Read More:- https://www.financialexpress.com/life/technology-government-alert-for-these-android-users-your-phone-may-be-prone-to-hacking-3577733/ Source Credit: https://www.financialexpress.com/

Synopsis The Indian Computer Emergency Response Team (CERT-In) has issued a severe warning about critical vulnerabilities in Apple products, affecting iPhones, iPads, Macs, and more. These flaws, identified in software versions prior to recent updates, could lead to severe security breaches including sensitive information leaks and arbitrary code execution. Users are advised to apply the latest updates immediately. Additionally, Apple has alerted users worldwide about potential spyware attacks similar to Pegasus. Agencies The Indian Computer Emergency Response Team (CERT-In) has issued a severe warning regarding critical vulnerabilities in Apple products. The advisory, dated August 2, flags high-risk security issues across various Apple devices, including iPhones, iPads, Macs, and other products.Apple Security Alert: Vulnerable Software VersionsThe vulnerabilities affect several versions of Apple software: iOS and iPadOS: Versions prior to 17.6 and 16.7.9 macOS: Versions prior to 14.6 (Sonoma), 13.6.8 (Ventura), and 12.7.6 (Monterey) watchOS: Versions prior to 10.6 tvOS: Versions prior to 17.6 visionOS: Versions prior to 1.3 Safari: Versions prior to 17.6 CERT-In has highlighted that these vulnerabilities could allow attackers to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS), and perform spoofing attacks. The advisory describes the severity of these flaws as "high." Apple Security Alert: Immediate Update RequiredCERT-In urges all Apple users to promptly install the latest software updates provided by Apple to address these vulnerabilities and mitigate potential risks. The advisory underscores the critical nature of these security flaws and the need for immediate action to protect against possible attacks. Apple Security Alert: Spyware AlertIn addition to the vulnerabilities, Apple has alerted users about potential "mercenary spyware attacks," akin to the Pegasus spyware. These alerts, sent to users across over 150 countries, including India, are intended to warn about sophisticated spyware threats targeting iPhones. Notable figures, including Iltija Mufti, media adviser and daughter of former Jammu and Kashmir Chief Minister Mehbooba Mufti, and Pushparaj Deshpande, founder of Samruddha Bharat Foundation, have reported receiving these warnings. Apple Security Alert: Government and Company Responses The Ministry of Electronics and Information Technology (MeitY) and Apple have yet to respond to inquiries regarding these issues. CERT-In continues to monitor the situation and advises users to stay informed about the latest security updates. The central government’s advisory emphasizes the high risk associated with these vulnerabilities and urges users to take immediate steps to secure their devices. Read More:- https://economictimes.indiatimes.com/industry/tech/security-alert-for-apple-users-govt-issues-high-risk-advisory-for-several-devices-check-the-full-list/articleshow/112262168.cms?from=mdr Source Credit: https://economictimes.indiatimes.com/

LianSpy can also turn off Android's Privacy Indicator, a feature that lets you know when your camera or microphone is in use.

Every month, Google releases security patches for Android that help block several malwares and spywares before they can damage your phone or tabletBut a new report by Kaspersky, the security firm that was recently banned in the United States recently discovered a spyware dubbed “LianSpy” that steals all your files, takes screenshots of what you are doing and even harvests call logs.

Unlike most malwares that get detected in a couple of months, stealth techniques used by LianSpy have been so advanced that it remained undetected for over three years. According to Kaspersky, the malware poses itself as the Alipay app or a system service to evade detection.

Researchers say "LianSpy" malware has been in use in a covert data gathering operation that's gone undetected for at least three years.

An unknown — and likely state-sponsored — threat actor has been using a previously unseen mobile spyware tool to spy on an unknown number of Android smartphone users. This activity has been ongoing for at least three years, according to researchers.

Until now, the campaign has focused mainly on targeted individuals in Russia, according to researchers at Kaspersky, who are tracking the threat as LianSpy. But the tactics that the spyware operators used in deploying the malware could be easily applied in other regions as well, Kaspersky says.

Post-Exploit Malware

"LianSpy is a post-exploitation Trojan, meaning that the attackers either exploited vulnerabilities to root Android devices, or modified the firmware by gaining physical access to victims' devices," Kaspersky researcher Dmitry Kalinin wrote in a blog post this week. "It remains unclear which vulnerability the attackers might have exploited in the former scenario."

LianSpy is the latest in a fast-growing list of spyware tools. The list includes widely deployed products such as the NSO Group's Pegasus Software and the Intellexa alliance's Predator. Researchers have discovered these malware instances targeting iPhone and Android smartphone users in recent years. The main purchasers — and users — of these tools are typically governments and intelligence agencies that want to spy on dissidents, political opponents and other persons of interest to them.

In many instances — as was the case with last year's Operation Triangulation iOS spyware campaign — the purveyors of mobile spyware tools have exploited zero-day flaws in Android and iOS to deliver and/or run their malware on target devices. In other instances, including one involving an Android spyware tool dubbed BadBazaar last year and another espionage tool dubbed SandStrike in 2022, threat actors have distributed spyware via fake versions of popular applications on official mobile app stores.

A Three Year Campaign

Kaspersky researchers first stumbled on LianSpy in March 2024 and quickly determined that the entity behind it has been using the spyware tool since July 2021. Their analysis reveals that the attackers are likely distributing the malware disguised as systems applications and financial applications.

Unlike some so-called zero-click spyware tools, LianSpy's ability to function depends, to a certain extent, on user interaction.  When launched, the malware first checks to see if it has the required permissions to execute its mission on the victim's device. If it does not have the required permissions, the malware prompts the user to provide them. When LianSpy obtains permission, it registers what is known as an Android Broadcast Receiver to receive and respond to system events such as booting, low battery, and network changes. Kaspersky researchers found LianSpy is using super user binary with a modified name ("mu" instead of "su") to try and gain root access on a victim device. Kaspersky officials say this as an indication that the threat actor delivered the malware after first gaining access to the device another way.

"Upon launch, the malware hides its icon on the home screen and operates in the background using root privileges," Kalinin wrote. "This allows it to bypass Android status bar notifications, which would typically alert the victim that the smartphone is actively using the camera or microphone."

Data Harvesting and Exfiltration

LianSpy's primary function is to quietly monitor user activity by intercepting call logs, recording the device screen especially when the user is sending or receiving messages and enumerating all installed apps on the victim device. The threat actor behind the malware has not used private infrastructure for communicating with the malware or storing harvested data. Instead, the attacker has been using public cloud platforms and pastebin services for these functions.

"The threat actor leverages Yandex Disk for both exfiltrating stolen data and storing configuration commands. Victim data is uploaded into a separate Yandex Disk folder," Kaspersky said in a technical writeup on the malware.

One interesting aspect about LianSpy, according to Kaspersky, is how the malware uses its root privileges on a compromised device. Instead of using its superuser status to take complete control of a device, LianSpy uses just enough of the functionality available to carry out its mission in a quiet fashion. "Interestingly, root privileges are used so as to prevent their detection by security solutions," the security vendor says. Kaspersky researchers also found LianSpy to be using both symmetric and asymmetric keys for encrypting the data it exfiltrates, which makes victim identification impossible.

"Beyond standard espionage tactics like harvesting call logs and app lists, it leverages root privileges for covert screen recording and evasion," Kalinin said. "Unlike financially motivated spyware, LianSpy's focus on capturing instant message content indicates a targeted data-gathering operation."

Read More:- https://www.darkreading.com/mobile-security/sophisticated-android-spyware-targets-users-in-russia

Source Credit: https://www.darkreading.com/

Tech giant Google is about to purge some of the most annoying — and dangerous apps from its popular Play Store.

Beware of BingoMod! This dangerous Android malware steals your money, wipes your phone, and takes control of your device. Learn how to protect yourself from this insidious threat. Stay safe online! Computer security solutions provider Cleafy has discovered a devious remote access trojan (RAT) targeting Android users to steal sensitive information and funds through account takeover. The malware, dubbed BingoMod, performs overlay attacks and provides remote access via virtual network computing (VNC) like functionality. This multi-feature trojan was discovered in May 2024. It can bypass authentication, verification, and behavioural detection protections by performing on-device fraud (ODF), as seen in several other banking trojans like Medusa, Copybara, and Teabot. BingoMod operates under the guise of legitimate applications, often posing as mobile security tools like “APP Protection,” “AVG AntiVirus & Security,” or “WebSecurity,” to lure users into downloading/installing the malware on their devices. According to Cleafy’s blog post, Once installed, BingoMod requests Accessibility Services permissions to execute the malicious payload. It aims to provide sensitive data to its operators through key-logging, which exploits Accessibility Services to steal login credentials or account balances, and SMS intercepting, which monitors SMS messages used by financial institutions for transaction authentication numbers (TANs). It also establishes a socket-based connection with the C2 for ODF. The malware offers around 40 remote control functions, including real-time screen control through VNC-like routines and screen interaction. It uses Android’s Media Projection API to capture screenshots of the victim’s device screen, providing a comprehensive overview. Hackers can send arbitrary commands to affected devices, allowing them to attack banking apps and steal up to 15,000 euros per transaction. The malware allows threat actors to send SMS messages from infected devices, potentially spreading the malware further. To prevent removal, users are prevented from editing system settings, blocking specific applications, and uninstalling applications. To further cover its tracks, BingoMod employs code obfuscation techniques, making it difficult for security software to detect its presence. Some variants of the malware can wipe the device’s data through a factory reset to eliminate evidence of the theft, a tactic reminiscent of Brata malware but not directly connected. BingoMod is currently targeting devices using English, Romanian, and Italian languages. Researchers believe that it is currently in the development phase and operators are experimenting with obfuscation techniques to lower detection rates against antivirus solutions. We recommend taking a proactive approach to mobile security to prevent such threats. Always download apps cautiously, and pay close attention to app permissions, especially if they request access to features like Accessibility Services or screenshot capture. Use a reliable mobile security solution and regularly update your Android device and apps with the latest security patches. Read More:- https://hackread.com/bingomod-android-malware-security-apps-wipes-data/ Source Credit: https://hackread.com/

Officials in Greece say an investigation has cleared the country's security agencies of involvement in an international spyware scandal that triggered U.S. sanctions earlier this year

ATHENS, Greece -- A two-year investigation in Greece has cleared the country’s security agencies of involvement in an international spyware scandal that triggered sanctions by the United States earlier this year, a senior prosecutor said Tuesday.

Supreme Court prosecutor Georgia Adilini said she found no evidence linking Greece’s National Intelligence Service, the police force or its anti-terrorism division to the use of Predator spyware, which opposition groups alleged was used against some government critics.

The spyware targeted dozens of prominent individuals in Greece including Nikos Androulakis, the current leader of a Socialist party, the third largest in parliament.

The investigation's findings drew an angry reaction from left-wing and center-left opposition parties in Greece which accused the ruling conservatives of engineering a cover-up.

Speaking in parliament, Androulakis called the investigation a “sham” and demanded that lawmakers be shown full conclusions of the probe, detailed in a 300-page report that has not been made public.

“It’s a shameful practice to sell this type of software to illiberal regimes, knowing that they are most likely to be used against human rights (activists), against political opponents, and endangering the lives of thousands of people in third world countries,” Androulakis said.

In March, the U.S. Treasury Department imposed sanctions against two individuals and companies based in Greece, Ireland, Hungary and North Macedonia, all connected to software developers called the Intellexa consortium.

The sanctions announcement said they were linked to the spyware that was being sold to authoritarian regimes around the world and being used to target U.S. citizens.

The government said its opponents had baselessly conflated the use of spyware with legally authorized wiretaps carried out by Greece’s National Intelligence Service.

“Your political narrative was not served by the facts. What should we do?,” Makis Voridis, a minister of state for the government, told parliament.

A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. Bitdefender first documented Mandrake in 2020, with the researchers highlighting the malware's sophisticated spying capabilities and noting that it has operated in the wild since at least 2016. Kaspersky now reports that a new variant of Mandrake that features better obfuscation and evasion sneaked into Google Play through five apps submitted to the store in 2022. Those apps remained available for at least a year, while the last one, AirFS, which was the most successful in terms of popularity and infections, was removed at the end of March 2024. Kaspersky identified the five Mandrake-carrying apps as follows:

• AirFS – File sharing via Wi-Fi by it9042 (30,305 downloads between April 28, 2022, and March 15, 2024)
• Astro Explorer by shevabad (718 downloads from May 30, 2022 to to June 6, 2023)
• Amber by kodaslda (19 downloads between February 27, 2022, and August 19, 2023)
• CryptoPulsing by shevabad (790 downloads from November 2, 2022, to June 6, 2023)
• Brain Matrix by kodaslda (259 downloads between April 27, 2022 and June 6, 2023)

The cybersecurity firm says most downloads come from Canada, Germany, Italy, Mexico, Spain, Peru, and the UK. Evading detection Unlike typical Android malware, which places malicious logic in the app's DEX file, Mandrake hides its initial stage in a native library, 'libopencv_dnn.so,' which is heavily obfuscating using OLLVM

Upon the malicious app's installation, the library exports functions to decrypt the second-stage loader DEX from its assets folder and load it into memory.

The second stage requests permissions to draw overlays and loads a second native library, 'libopencv_java3.so,' which decrypts a certificate for secure communications with the command and control (C2) server. Having established communication with the C2, the app sends a device profile and receives the core Mandrake component (third stage) if deemed suitable. Once the core component is activated, Mandrake spyware can perform a wide range of malicious activities, including data collection, screen recording and monitoring, command execution, simulation of user swipes and taps, file management, and app installation. Notably, the threat actors can prompt users to install further malicious APKs by displaying notifications that mimic Google Play, hoping to trick users into installing unsafe files through a seemingly trusty process. Kaspersky says the malware also uses the session-based installation method to bypass Android 13's (and later) restrictions on the installation of APKs from unofficial sources. Like other Android malware, Mandrake can ask the user to grant permission to run in the background and hide the dropper app's icon on the victim's device, operating stealthily. The malware's latest version also features batter evasion, now specifically checking for the presence of Frida, a dynamic instrumentation toolkit popular among security analysts.

It also checks the device root status, searches for specific binaries associated with it, verifies if the system partition is mounted as read-only, and checks if development settings and ADB are enabled on the device.

The Mandrake threat remains alive, and while the five apps identified as droppers by Kaspersky are no longer available on Google Play, the malware could return via new, harder-to-detect apps. Android users are recommended only to install apps from reputable publishers, check user comments before installing, avoid granting requests for risky permissions that seem unrelated to an app's function, and make sure that Play Protect is always active. Google shared the following statement about the malicious apps found on Google Play. "Google Play Protect is continuously improving with each app identified. We're always enhancing its capabilities, including upcoming live threat detection to help combat obfuscation and anti-evasion techniques," Google told BleepingComputer. "Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play." Read More:- https://www.bleepingcomputer.com/news/security/android-spyware-mandrake-hidden-in-apps-on-google-play-since-2022/ Source Credit: https://www.bleepingcomputer.com/news/security/

Raghav Chadha said that not just the members of Parliament but journalists and eminent people were also victims of such attack.

The Aam Aadmi Party’s Rajya Sabha MP Raghav Chadha on Friday raised the issue of State-sponsored cyberattacks on politicians and journalists in the House and asked the Centre to investigate such attacks. Calling it an attack on privacy, Mr. Chadha said that several opposition leaders had last year claimed they received an alert from Apple warning them of “State-sponsored attackers trying to remotely compromise”. He asked the government if it had taken cognisance of such attacks. “I, along with several members of this House, particularly who sit on opposition benches, were victims of something called State-sponsored spyware attack whereby our mobile phones informed us that a State-sponsored cyberattack took place which was attempting to infiltrate our mobile phone devices,” Mr. Chadha said. He said that not just the members of Parliament but journalists and eminent people were also victims of such attack. “Therefore, I ask you whether the government has taken cognisance of such attacks. Is there a list of people who were attacked by such spyware. What action has been taken?” Mr. Chadha asked. Read More:- https://www.thehindu.com/news/national/raghav-chadha-asks-centre-to-investigate-spyware-attacks-on-politicians-and-journalists-in-rajya-sabha/article68451497.ece Source Credit: https://www.thehindu.com/news/national

Two weeks before the European elections, German MEP Daniel Freund (Greens) was the target of an attempted spying operation using the state Trojan Candiru. The EU Parliament is concerned about cyber espionage. The latest victim of an - ultimately unsuccessful - attack using a state Trojan is German MEP Daniel Freund from the Green Party. "On May 27, an attempt was made to install spyware on my cell phone," the politician announced on X on Thursday. "It was an email from someone asking me for support - and to click on a link." Fortunately, he didn't do that, because otherwise the spyware would have ended up on his smartphone. According to Freund, cyber security experts later explained to him "that the 'Candiru' software was most likely used for the attack". Candiru comes from an Israeli spyware manufacturer. The spyware is similar to the better-known state Trojan Pegasus from the NSO Group, which is also based in Israel. According to experts, Candiru initially specialized in the desktop world, the NSO Group in iPhones and its competitors in Android cell phones. According to a report, Candiru then joined forces with another Israeli software manufacturer, Insanet, to develop Sherlock spyware, a joint universal product for spying on any end device. A variant of this is even said to be able to be installed on Windows PCs and popular smartphones via targeted advertising banners. The government of US President Joe Biden imposed sanctions against Candiru and the NSO Group in 2021.

Spyware attacks on EU politicians on the rise

Freund explained the details to the newsletter service Politico Playbook. According to Freund, the email with the dangerous link sent two weeks before the European elections allegedly came from a student at Kyiv International University who was organizing a seminar on Ukraine's chances of joining the EU. The email contained a request to "write a short message" for the students. The link was attached. A young woman with the same name is actually enrolled at the university in question. However, she emphasized to Playbook that she did not know who her friend was and did not know the Gmail account from which the message originated. She was shocked and assured us: "This email is definitely not from me." Freund is not the only MEP to have been the target of spyware attacks in recent months. In February, it was revealed that spyware had been discovered on the devices of MEPs Nathalie Loiseau and Elena Yoncheva - both members of the security subcommittee - and a parliamentary official. A report published in 2022 by the CitizenLab at the University of Toronto in collaboration with Catalan independence groups reveals that researchers have identified at least 65 people who have been targeted or infected with Pegasus or Candiru. The three EU parliamentarians Diana Riba, Antoni Comín and Jordi Solé are said to have been among them. Parliament President Roberta Metsola is also believed to have been the victim of a cyber attack. Members of the EU Commission are also said to have been attacked with spying programs. The Brussels-based government institution now wants to recommend a stricter approach to spyware to the EU member states. Read More:- https://www.heise.de/en/news/Candiru-New-spyware-attack-on-member-of-European-Parliament-9813834.html Source Credit: https://www.heise.de/en/news/

While the Govt of India has neither confirmed nor denied that it bought the  spyware, in his deposition a  cyber security expert has claimed there are definite traces of use by govt agencies

Microsoft, Google and several other major tech firms on Monday filed a legal brief supporting an El Salvadoran journalist whose staff was targeted with powerful mobile spyware, arguing he should be allowed to sue the software developer in U.S. court.

In March, a California federal judge dismissed the lawsuit brought by Carios Dada and other plaintiffs located overseas against Israeli spyware maker NSO Group, saying they had no standing to sue in the United States because the case was “entirely foreign.”

The amicus brief argues that Google, Microsoft and other U.S. technology companies supporting the plaintiffs have worked closely with policymakers to enhance cybersecurity and collectively spend billions annually to bolster it, partially by working to monitor and disrupt spyware.

The dismissal is now being appealed, apparently spurring the technology companies’ brief asserting that they have a “strong interest in ensuring that entities who facilitate covert access to their products are held accountable in U.S. courts.”

“Even if NSO’s spyware tools were not being used to target U.S. citizens and officials, the proliferation of these tools would still inflict substantial harm on important U.S. interests,” the brief said, noting that the spyware undermines customers’ faith in their products and threatens national security.

The plaintiffs had asked the judge to force NSO Group to return and erase all information accessed through the hacks and name the clients which sought the Pegasus spyware used in them.

Pegasus targets thousands in civil society

Dada co-founded and directs the Salvadoran news outlet El Faro, which was investigating its government’s hidden ties to violent gangs when his and several staffers’ phones were infected with the zero-click Pegasus spyware.

Pegasus is manufactured by NSO and was allegedly installed on the phones of 22 El Faro employees between June 2020 and November 2021, according to digital forensic researchers.

The lawsuit, the first filed by journalists against the spyware manufacturer in a U.S. court, centers on the fact that El Faro staffers’ phones were allegedly hit with 226 Pegasus infections.between June 2020 and November 2021, according to the Knight First Amendment Institute at Columbia University, which brought the case.

NSO Group is also currently being sued by Meta-owned WhatsApp, which asserts about 1,400 of its users also were hacked by Pegasus and that U.S.-based Amazon Web Services unknowingly stored Pegasus code for years.

In addition to Google and Microsoft, GitHub, LinkedIn and Trend Micro joined in filing the amicus brief supporting the lawsuit’s plaintiffs as their appeal of the dismissal unfolds.

The brief cites a July 2021 Amnesty International and Forbidden Stories investigation known as the Pegasus Project, which published more than 50,000 phone numbers found in a leaked database. Some of the numbers were thought to have been hacked with Pegasus.

The organizations found phone numbers belonging to 14 heads of state — including from France, Iraq, Morocco, Pakistan and Egypt — along with 600 government officials and more than 180 journalists in the database, the brief said. Pegasus can only be installed if attackers possess a given target’s phone number.

A majority of phones analyzed as part of a study of a relatively small subset of the database‘s list of numbers contained evidence of Pegasus spyware, the brief noted.

“NSO admits to having sold Pegasus to approximately 40 different governments around the world,” the brief said, noting that the company claims it works hard to vet its clients for human rights abuses in part by only allowing its spyware to be used only by law enforcement and intelligence agencies, primarily in counterterrorism efforts.

However, the brief noted, the fact that the database included targets with no connection to crime or terrorism, also including executives, religious leaders and academics, show “these protections — if they ever existed — have failed to prevent abuse.”

“It appears that, once a government purchased Pegasus from NSO, it could use the tool to hack and spy on whomever it wanted,” the brief added.

Google and Microsoft’s motives

Microsoft explained its reasons for filing the brief on a website blog penned by its associate general counsel for cybersecurity policy and protection, who said the company has long demonstrated its belief that cyber mercenaries such as NSO Group “don’t deserve immunity.”

“Despite measures taken by governments, regulators, and tech companies, the impact of these actors on the security of users continues to increase as the market expands,” the blog post said. “More must be done.”

NSO Group has consistently used Microsoft technology to attack its users, the blog post added, arguing that those users deserve “legal recourse” even if they are located abroad.

Google’s heads of security policy and security legal also published a blog post Monday, saying that while spyware usually only impacts a small number of users, “its wider impact ripples across society by contributing to threats to free speech, the free press and the integrity of elections worldwide.”

Many victims of spyware hacks use U.S.-based platforms such as Android or iOS from abroad, the post said.

“Our filing argues that victims of spyware-enabled attacks should be able to take legal action in the U.S. against spyware vendors under existing anti-hacking laws — even if they were hacked abroad,” the post said. “This is imperative to narrow the attack vectors exploited by spyware vendors.”

Read More:- https://therecord.media/microsoft-google-amicus-brief-nso-group-lawsuit Source Credit: therecord.media

A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come with their own supporting infrastructure, Recorded Future's Insikt Group said. Targets of the ongoing campaign include, CARE International, the Norwegian Refugee Council (NRC), and the Saudi Arabian King Salman Humanitarian Aid and Relief Centre. "The OilAlpha threat group is highly likely active and executing targeted activity against humanitarian and human rights organizations operating in Yemen, and potentially throughout the Middle East," the cybersecurity company said. OilAlpha was first documented in May 2023 in connection with an espionage campaign targeting development, humanitarian, media, and non-governmental organizations in the Arabian peninsula. These attacks leveraged WhatsApp to distribute malicious Android APK files by passing them off as associated with legitimate organizations like UNICEF, ultimately leading to the deployment of a malware strain named SpyNote (aka SpyMax). The latest wave, identified in early June 2024, comprises apps that claim to be related to humanitarian relief programs and masquerade as entities like CARE International and the NRC, both of which have an active presence in Yemen. Once installed, these apps – which harbor the SpyMax trojan – request intrusive permissions, thereby facilitating the theft of victim data. OilAlpha's operations also include a credential harvesting component that utilizes a bunch of fake login pages impersonating these organizations in an effort to harvest users' login information. It's suspected that the goal is to carry out espionage efforts by accessing accounts associated with the affected organizations. "Houthi militants have continually sought to restrict the movement and delivery of international humanitarian assistance and have profited from taxing and re-selling aid materials," Recorded Future said. "One possible explanation for the observed cyber targeting is that it is intelligence-gathering to facilitate efforts to control who gets aid and how it is delivered." The development arrives weeks after Lookout implicated a Houthi-aligned threat actor to another surveillanceware operation that delivers an Android data-gathering tool called GuardZoo to targets in Yemen and other countries in the Middle East. Read More:- https://thehackernews.com/2024/07/pro-houthi-group-targets-yemen-aid.html Source Credit: https://thehackernews.com/

This comes days after Congress General Secretary K C Venugopal accused the Narendra Modi-led central government of using a “malicious spyware” to try and hack his mobile phone.

Madhya Pradesh State Congress chief Jitu Patwari claimed that his iPhone was targeted by “spyware which was a state-sponsored attempt to misuse his data for political gains”.

Patwari filed a complaint with the Additional DGP Cyber Cell office in Bhopal, alleging that on July 9 he received a threat notification on his email ID and another on July 11 about an account recovery request for his Apple ID.

Venugopal shared the screenshot of a message purportedly from Apple, which read, "You are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID."

Congress MP and General Secretary in-charge of organisation KC Venugopal Saturday accused the “Modi government of using a malicious spyware” to target his mobile phone and said “we will oppose this blatantly unconstitutional act and breach on our privacy tooth and nail”.

He said the attack came to his attention after Apple sent him an alert.

Customer service emails dating back to 2014 exposed in May breach

A data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it.

Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. While hacks of spyware purveyors are becoming increasingly common, they remain notable because of the highly sensitive personal information often included in the data, in this case about the customers who use the service.

The mSpy app allows whoever planted the spyware, typically someone who previously had physical access to a victim’s phone, to remotely view the phone’s contents in real-time.

As is common with phone spyware, mSpy’s customer records include emails from people seeking help to surreptitiously track the phones of their partners, relatives, or children, according to TechCrunch’s review of the data, which we independently obtained. Some of those emails and messages include requests for customer support from several senior-ranking U.S. military personnel, a serving U.S. federal appeals court judge, a U.S. government department’s watchdog, and an Arkansas county sheriff’s office seeking a free license to trial the app.

Even after amassing several million customer service tickets, the leaked Zendesk data is thought to represent only the portion of mSpy’s overall customer base who reached out for customer support. The number of mSpy customers is likely to be far higher.

Yet more than a month after the breach, mSpy’s owners, a Ukraine-based company called Brainstack, have not acknowledged or publicly disclosed the breach.

Hunt told TechCrunch that he contacted several Have I Been Pwned subscribers with information from the breached data, who confirmed to him that the leaked data was accurate.

Millions of mSpy customer messages

TechCrunch analyzed the leaked dataset — more than 100 gigabytes of Zendesk records — which contained millions of individual customer service tickets and their corresponding email addresses, as well as the contents of those emails.

Some of the email addresses belong to unwitting victims who were targeted by an mSpy customer. The data also shows that some journalists contacted the company for comment following the company’s last known breach in 2018. And, on several occasions, U.S. law enforcement agents filed or sought to file subpoenas and legal demands with mSpy. In one case following a brief email exchange, an mSpy representative provided the billing and address information about an mSpy customer — an alleged criminal suspect in a kidnapping and homicide case — to an FBI agent.

TechCrunch analyzed where mSpy’s contacting customers were located by extracting all of the location coordinates from the dataset and plotting the data in an offline mapping tool. The results show that mSpy’s customers are located all over the world, with large clusters across Europe, India, Japan, South America, the United Kingdom, and the United States.

Buying spyware is not itself illegal, but selling or using spyware for snooping on someone without their consent is unlawful. U.S. prosecutors have charged spyware makers in the past, and federal authorities and state watchdogs have banned spyware companies from the surveillance industry, citing the cybersecurity and privacy risks that the spyware creates. Customers who plant spyware can also face prosecution for violating wiretapping laws.

According to the data, one of the email addresses pertains to Kevin Newsom, a serving appellate judge for the U.S. Court of Appeals for the Eleventh Circuit across Alabama, Georgia, and Florida, who used his official government email to request a refund from mSpy.

The dataset also shows interest from U.S. authorities and law enforcement. An email from a staffer at the Office of the Inspector General for the Social Security Administration, a watchdog tasked with oversight of the federal agency, asked an mSpy representative if the watchdog could “utilize [mSpy] with some of our criminal investigations,” without specifying how.

The Arkansas County sheriff’s department sought free trials of mSpy, ostensibly for providing demos of the software to neighborhood parents. That sergeant did not respond to TechCrunch’s question about whether they were authorized to contact mSpy.

The company behind mSpy

This is the third known mSpy data breach since the company began in around 2010. mSpy is one of the longest-running phone spyware operations, which is in part how it accumulated so many customers.

But the data breach of mSpy’s Zendesk data exposed its parent company as a Ukrainian tech company called Brainstack.

Brainstack’s website does not mention mSpy. Much like its public open job postings, Brainstack only refers to its work on an unspecified “parental control” app. But the internal Zendesk data dump shows Brainstack is extensively and intimately involved in mSpy’s operations.

In the leaked Zendesk data, TechCrunch found records containing information about dozens of employees with Brainstack email addresses. Many of these employees were involved with mSpy customer support, such as responding to customer questions and requests for refunds.

Brainstack chief executive Volodymyr Sitnikov and senior executive Kateryna Yurchuk did not respond to multiple emails requesting comment prior to publication. Instead, a Brainstack representative, who did not provide their name, did not dispute our reporting but declined to provide answers to a list of questions for the company’s executives.

It’s not clear how mSpy’s Zendesk instance was compromised or by whom. The breach was first disclosed by Switzerland-based hacker maia arson crimew, and the data was subsequently made available to DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest.

“We are committed to upholding our User Content and Conduct Policy and investigate allegations of violations appropriately and in accordance with our established procedures,” the spokesperson said.

Read More:- https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/ Source Credit: https://techcrunch.com/2024/07/11

Apple has once again notified users that their iPhone may have been affected by a potential mercenary spyware like Pegasus.

Apple has once again issued a new round of warnings for iPhone users in 98 countries including India, warning them that they might potentially be targeted by a Pegasus like spyware. Earlier this year in April, the Cupertino-based tech giant sent a similar notification to users across 92 nations.

According to a support document on the Apple website, the company has been regularly informing iPhone users across 150 countries worldwide about these types of attacks. However, the latest notification did not disclose the attacker’s identities and the list of countries where users received the alert.

EU Parliament defense committee was the target of phone hacking, internal email says. The European Parliament on Wednesday asked members on its defense subcommittee to have their phones checked for spyware after it found traces of hacking on two devices. Members and staff in the chamber's subcommittee on security and defense (SEDE) have had their phones hit with intrusive surveillance software tools, the institution said in an internal email. All lawmakers in the subcommittee have been advised to take their phones to the institution's IT service to be checked for spyware, according to the email, seen by POLITICO. The European Parliament is on high alert for cyberattacks and foreign interference in the run-up to the EU election in June. POLITICO reported in December that an internal review showed that the institution's cybersecurity "has not yet met industry standards” and is “not fully in-line with the threat level" posed by state-sponsored hackers and other threat groups. One member of the security and defense subcommittee went in for a routine check on Tuesday, which resulted in a discovery of traces of spyware on their phone. The member told POLITICO it wasn't immediately clear why they were targeted with hacking software. Parliament's Deputy Spokesperson Delphine Colard said in a statement that "traces found in two devices" prompted the email calling on members to have their phones checked. "In the given geopolitical context and given the nature of the files followed by the subcommittee on security and defence, a special attention is dedicated to the devices of the members of this subcommittee and the staff supporting its work," the statement said. The new revelations follow previous incidents with other European Parliament members targeted with spyware. Researchers revealed in 2022 that the phones of members of the Catalan independence movement, including EU politicians, were infected with Pegasus and Candiru, two types of hacking tools. That same year, Greek member of the EU Parliament and opposition leader Nikos Androulakis was among a list of Greek political and public figures found to have been targeted with Predator, another spyware tool. Parliament's President Roberta Metsola previously also faced an attempted hacking using spyware. European Parliament members in 2022 set up a special inquiry committee to investigate the issue. It investigated a series of scandals in countries including Spain, Greece, Hungary and Poland and said at least four governments in the EU had abused the hacking tools for political gain. Parliament's IT service launched a system to check members' phones for spyware in April last year. It had run "hundreds of operations" since the program started, the statement said. Read More:- https://www.politico.eu/article/parliament-defense-subcommittee-phones-checked-for-spyware/ Source Credit: https://www.politico.eu/article/  

A politically motivated threat actor has launched a new malware campaign targeting Android devices. Researchers with SentinelLabs said that a Pakistani state-backed hacking crew known as Transparent Tribe launched a new tool dubbed CapraRAT. The trojan is intended to spy on user activity, with users in India being the primary targets. As with previous campaigns by Transparent Tribe, CapraRat disguises itself as various popular Android apps. In this case, TikTok, Forgotten Weapons, and a "Sexy Videos" app are used as lures, as is a mobile game known as "Crazy Games." When the targets launch the malware, the fake app simply redirects the device to the relevant site or YouTube channel in order to make the targets think they are running a legitimate app. In the meantime, the malware itself is able to perform a number of covert functions, including tracking GPS position, reading user SMS messages and contacts, manage network connections, and track user browsing. While the malware itself is considered a remote access trojan (RAT) the researchers said they believed that CapraRAT is more likely being used as covert spyware and a surveillance tool rather than a backdoor or remote control malware. The use of fake apps to disguise malware has long been a popular method for infecting mobile devices. Transparent Tribe, for example, previously conducted a trojan campaign centered on another saucy vids app. “The new campaign continues that trend with the Sexy Videos app,” the SentinalLabs team noted. “While two of the previously reported apps launched only YouTube with no query, the YouTube apps from this campaign are each preloaded with a query related to the application’s theme.” The SentinelLabs crew noted that the malware writers appear to be getting more experienced and sophisticated with their coding practices. “The new campaign’s apps ran smoothly on this modern version of Android,” the researchers explained. “The September 2023 campaign apps prompted a compatibility warning dialog, which could raise suspicion among victims that the app is abnormal.” Users are advised to obtain their software from trusted app stores and be weary of any apps that seek unusually invasive permissions and hardware access. Read More:- https://www.scmagazine.com/news/caprarat-malware-targeting-android-users-with-fake-apps Source Credit: https://www.scmagazine.com/news/

The Treasury Department banned the company, Intellexa, from doing business in the U.S.

The Treasury Department on Tuesday banned a notorious creator of software that can hack smartphones and turn them into surveillance devices from doing business in the U.S.

The sanctions constitute the most aggressive action taken by the U.S. government against a spyware company.

The company, Intellexa, develops a software called Predator, which can take over a person’s phone and turn it into a surveillance device. Predator and other major spyware programs boast capabilities such as secretly turning on the user’s microphone and camera, downloading their files without their knowledge and tracking their location.

Under the sanctions, Americans and people who do business with the U.S. are forbidden from transacting with Intellexa, its founder and architect Tal Dilian, employee Sara Hamou and four companies affiliated with Intellexa.

In a press call previewing the sanctions, a White House official, who requested to not be identified, said the decision to sanction Intellexa “goes beyond actions we’ve taken.”

“This is the first time that the U.S. government has leveraged any sanctions authority against commercial spyware vendors for enabling misuse of their tools,” he said.

An Amnesty International investigation found that Predator has been used to target journalists, human rights workers and some high-level political figures, including European Parliament President Roberta Metsola and Taiwan’s outgoing president, Tsai Ing-Wen. The report found that Predator was also deployed against at least two sitting members of Congress, Rep. Michael McCaul, R-Texas, and Sen. John Hoeven, R-N.D.

Predator was also central to a scandal that rocked Greece in 2022 in which dozens of politicians and journalists were reportedly targeted with the spyware.

NBC News was unable to reach Intellexa for comment. Its website has been offline since sometime in 2023.

Multiple governments around the world “have deployed this technology to facilitate repression and enable human rights abuses, including to intimidate political opponents and curb dissent, limit freedom of expression, and monitor and target activists and journalists,” a Treasury Department press release on the sanctions said.

The sanctions follow President Joe Biden’s 2023 executive order regulating commercial spyware.

Under that order, the Commerce Department previously placed another spyware developer, the Israeli company NSO Group, on the U.S. entity list, subjecting it to additional regulations. But sanctioning Intellexa is an escalation, said John Scott-Railton, a senior spyware researcher at the University of Toronto’s Citizen Lab.

“The U.S. using Treasury sanctions is going to be a thunderclap for the spyware world,” he said. “Suddenly this has big, personal consequences.”

“This is the kind of stuff that causes people to consider changing lines of work and leaving countries,” he said.

Read More:- https://www.nbcnews.com/tech/security/us-bans-maker-spyware-targeted-senators-phone-rcna141855 Source Credit: https://www.nbcnews.com/tech/security/

The forensic work on Magnale's phone found a pattern of suspicious crashes on it that matched previously known Pegasus intrusions.

An Indian journalist has been allegedly subjected to hacking using Pegasus, a spyware manufactured by Israel-based NSO Group. An analysis of the journalist's iPhone showed an infiltration attempt was made in August, news agency Reuters reported. Anand Magnale, who works for a global group of investigative journalists called Organised Crime and Corruption Reporting Project (OCCRP), was reportedly among those in India who received alerts on their Apple mobile devices which prompted a row over issue of national security and call for stringent IT rules. Several politicians were also among those who received the Apple alerts, who claimed that they have been targetted by ‘state-sponsored’ hackers in order to remotely access their iPhones. However, those alerts didn't specify any government entity behind the hacks or any use of spyware. Moreover, the Indian government has also dismissed the allegations of being involved in the ‘hacking’ alerts and ordered an inquiry into the matter. OCCRP co-founder Drew Sullivan told the news agency that the forensic work on Magnale's phone found a pattern of suspicious crashes on it that matched previously known Pegasus intrusions. The journalist hasn't responded on the matter. The Union IT ministry also didn't react to the report immediately. Pegasus, sold exclusively to government bodies, manufactured to combat terror and crime which works by allowing sweeping access to the targets' smartphones, allowing them to record calls, intercept messages and transform the phones into portable listening devices. "Whatever government is spying on the reporters, there's no plausible explanation for that other than political gain," Sullivan told Reuters. iVerify, the company that ran the forensics on Magnale's phone said ‘with high confidence’ that his phone was attacked with Pegasus. Read More:- https://www.hindustantimes.com/india-news/indian-journalists-phone-targetted-with-israeli-spyware-pegasus-report-101699501184036.html Source Credit: https://www.hindustantimes.com/

Editor's Note: This article was updated 10:50 a.m. Eastern time, June 18, with comments from former U.N. official David Kaye and WhatsApp.

The manufacturers of the powerful commercial spyware Pegasus argued in a Friday court filing that it is appropriate for its global clients to target any high-ranking government or military official with the technology because their jobs categorically make them “legitimate intelligence targets.”

The statement is a revelatory admission from the typically tight-lipped Pegasus manufacturer, NSO Group, regarding who it believes can justifiably be targeted with its zero-click and all-seeing surveillance product.

It surfaced in court documents related to a lawsuit WhatsApp has brought against NSO Group for allegedly infecting about 1,400 of its users’ devices with the technology. The hacks were discovered in 2019.

A former United Nations official overseeing the right to free expression said NSO Group’s comments go beyond their prior assertions and are more sweeping in their definition of who can legitimately be targeted by Pegasus.

The official, David Kaye, pointed to a 2019 NSO Group letter sent to him while he was at the U.N. It said Pegasus is “intended to prevent acts of terrorism, large-scale drug trafficking, pedophile networks, and other serious criminal acts.”

In that same letter, NSO Group said that its contracts with clients “specifically demand that customers utilize our technologies as intended – to investigate and prevent crimes and terrorism.”

Friday’s filing seems to suggest a broader purpose for Pegasus, Kaye said, pointing to NSO’s explanation that the technology can be used on “persons who, by virtue of their positions in government or military organizations, are the subject of legitimate intelligence investigations.”

“This appears to be a much more extensive claim than made in 2019, since it suggests that certain persons are legitimate targets of Pegasus without a link to the purpose for the spyware’s use,” said Kaye, who was the U.N.’s special rapporteur on freedom of opinion and expression from 2014 to 2020.

NSO Group clients include or have included repressive regimes such as Hungary, the United Arab Emirates and Saudi Arabia. Pegasus technology was allegedly used to track journalist Jamal Khashoggi in the months before he was murdered by the Saudi government.

The Israeli company’s statement comes as digital forensic researchers are increasingly finding Pegasus infections on phones belonging to activists, opposition politicians and journalists in a host of countries worldwide.

NSO Group says it only sells Pegasus to governments, but the frequent and years-long discoveries of the surveillance technology on civil society phones have sparked a public uproar and led the U.S. government to crack down on the company and commercial spyware manufacturers in general.

Debating legitimate Pegasus targets

Friday’s court filing centers on a fight between NSO Group, WhatsApp and digital forensic researchers from The Citizen Lab, whose experts helped research many of the Pegasus infections documented in the case.

NSO Group wants The Citizen Lab to turn over information about additional victim identities and how it made its analysis.

The debate focuses on lists The Citizen Lab produced classifying Pegasus infections as affecting either top government and military officials — referred to in the filing as the VIP list — or civil society leaders.

NSO says the list of individuals The Citizen Lab classified as VIPs includes 93 people the company describes as “high-ranking government or military officials.”

“The VIP list is almost entirely comprised of persons who, by virtue of their positions in government or military organizations, are the subject of legitimate intelligence investigations,” an attorney for NSO Group wrote in the filing. “All the VIPs are legitimate intelligence targets.”

The company accessed the lists through discovery because The Citizen Lab worked with WhatsApp to help identify and alert civil society victims when the hacks were first found in 2019. Not all of the approximately 1,400 total victims are identified or classified in the lists obtained by NSO Group, which is seeking the additional names and classifications.

An NSO Group spokesperson could not immediately be reached for comment on this story, but told Recorded Future News last week that it “complies with all laws and regulations and sells only to vetted intelligence and law enforcement agencies.”

“Our customers use these technologies daily to prevent crime and terror attacks,” they said.

The company does not disclose its client list, but the spokesperson noted it doesn’t work with Russia or its allies.

Opposition ‘VIPs’

NSO Group also appeared to suggest in court filings that opposition politicians can be legitimately surveilled with Pegasus. This assertion comes as Polish officials  investigate what they have described as a Pegasus-enabled coordinated campaign by the country’s former majority to track hundreds of opposition party politicians and those aligned with them.

“Citizen Lab appears to have drawn a distinction between politicians whose parties are in power (VIPs) versus politicians belonging to opposition parties (civil society),” the NSO Group lawyer wrote.

“For purposes of determining whether an individual was legitimately surveilled (eg, as part of an intelligence operation) using Pegasus, defendants submit that this distinction is unjustified and all senior political operatives should be classified as VIPs.”

Poland is far from the only country where Pegasus has targeted minority party officials and civil society leaders. In 2022, The Citizen Lab published a report documenting that Pegasus was used to target at least 63 Catalan government officials and activists following a 2017 bid for independence.

A spate of Pegasus infections targeting Indian journalists — whose most recent victims were made public in December by Amnesty International — is also cited by the NSO lawyer, who said that a “supposed” Indian journalist included on The Citizen Lab’s list was sentenced to life imprisonment for “sedition and waging war against the nation.”

Calling the journalist and some others The Citizen Lab classified as civil society victims “criminals,” the lawyer suggests their inclusion on the list shows The Citizen Lab has “hugely overreached… in an effort to further its agenda that the use of Pegasus against civil society targets is widespread.”

The Indian government was found to have bought Pegasus from Israel in 2017. Multiple news reports have suggested that Indian Prime Minister Narendra Modi's government has used Pegasus to spy on and potentially even jail its critics.

A forensic analysis of a device belonging to imprisoned Indian activist and Modi critic Rona Wilson found evidence that it was infected with Pegasus between 2017 and March 2018. In June 2018 Wilson was arrested on terror-related charges.

'Lawfully targeted'

The Citizen Lab lawyer argued in the filing that NSO Group has no standing to compel it to turn over information on Pegasus targets or its analysis.

NSO Group is seeking a so-called letter rogatory to force disclosures from The Citizen Lab.

Letters rogatory are typically used to obtain evidence if permitted by the laws of the foreign country involved in a lawsuit. NSO Group is based in Israel, The Citizen Lab in Canada and Meta, which owns WhatsApp, is in the U.S.

“The core rationale for defendants’ request — their disagreement with The Citizen Lab’s categorization of listed individuals — is irrelevant,” the digital freedom research institute’s lawyer asserts.

In order to compel material from The Citizen Lab, NSO Group’s defense must show that individuals were “lawfully targeted by a U.S. law enforcement or intelligence agency,” the lawyer asserted.

The Citizen Lab did not respond to a request for comment.

A spokesperson for WhatsApp pointed to the company’s comments to the judge in the Friday filing, emphasizing that NSO Group relied only on public information from “questionable or biased sources” in challenging The Citizen Lab classifications of victims.

NSO Group illegally targeted WhatsApp’s systems and users with their spyware, “a pattern of abuse that cannot be tolerated by liberal democracies,” the spokesperson said via email.

In March, a California federal judge ordered NSO Group to turn over its closely guarded secret code as part of discovery in the years-long lawsuit, a decision seen as a major win for WhatsApp.

Read More:- https://therecord.media/government-military-fair-targets-nso-group Source Credit: https://therecord.media/

Security researchers have uncovered a new cyber espionage campaign primarily targeting iPhone users in South Asia. Find out more about the spyware implant and the risk it poses to Apple devices.

• iPhone users across South Asian countries face a new spyware campaign threat called LightSpy.
• The spyware implant creates an advanced backdoor in iOS that is usually distributed through compromised websites and watering hole attacks.

Cybersecurity researchers have found that iPhone users in South Asian countries are being targeted by a cyber espionage campaign aiming to deliver a spyware implant called LightSpy to iOS devices. Kaspersky and Trend Micro previously noticed a LightSpy campaign in 2020, with the spyware being primarily distributed through watering hole attacks and compromised websites. According to a report by cyber security researchers from the Blackberry Threat Research and Intelligence Team, the latest version of the LightSpy campaign uses a modular framework with sophisticated spying capabilities. LightSpy uses a certificate pinning strategy to prevent interception and detection of any communication made to its command and control servers. The campaign has largely targeted iPhone users in India, although there have been several reports from Sri Lanka, Afghanistan, Pakistan, Bangladesh, Nepal, Bhutan, Maldives, and Iran. According to the report, the attack is suspected to have been conducted by Chinese hackers owing to its functionality and infrastructure similarities to DragonEgg spyware, which has been linked to APT41, a Chinese nation-state hacker group. The report states that LightSpy can extract sensitive information such as location data, sound recordings, contacts, SMS messages, and data from apps such as Telegram and WeChat. The re-emergence of LightSpy spyware implants highlights the growing threat of mobile espionage threat campaigns. The campaign follows in the footsteps of the recent mercenary spyware attacks that impacted iPhone users in 92 countries and makes Apple’s security updates all the more important. Read More:- https://www.spiceworks.com/it-security/endpoint-security/news/lightspy-spyware-targets-iphones-south-asia/ Source Credit: https://www.spiceworks.com/it-security/

The Law and Justice (PiS) party, which ruled Poland from 2015 to 2023, is suspected of having spied on opposition politicians and magistrates critical of its administration

The chairman of Poland’s main populist party Jaroslaw Kaczynski appeared before a parliamentary commission on Friday over the alleged use of the Israeli spyware Pegasus while it led the country’s previous government. The Law and Justice (PiS) party, which ruled from 2015 to 2023, is suspected of having spied on opposition politicians and magistrates critical of its administration. Mr. Kaczynski, who also served as Poland’s Prime Minister, acknowledged in 2022 that his country had bought the spyware but denied that it had been used against critics. Ahead of Friday’s inquiry, the head of the commission, Magdalena Sroka, said Mr. Kaczynski was picked first to testify because of his “responsibility for the actions of the Law and Justice Party, which was in power until 2023”. Ms. Sroka added that the purchase and operation of Pegasus had “no basis” in law. The parliamentary committee will examine the objectives and legality of the use of Pegasus and try to establish how it and other similar systems were acquired by Poland.

‘Long list’

According to several sources within the new governing coalition, led by pro-EU Prime Minister Donald Tusk, the undisclosed list of individuals to be questioned could be “very long” and “shocking”. Citizen Lab, a Canada-based cybersecurity monitoring group, claimed that Pegasus was used against several people in Poland. One notable target, they say, was Krzysztof Brejza, currently a member of the European parliament but previously a coordinator of the electoral campaign of an opposition party, Civic Platform, during 2019 legislative elections. Read More:- https://www.thehindu.com/news/international/polands-right-wing-leader-questioned-over-pegasus-spyware/article67957179.ece Source Credit: https://www.thehindu.com/news/international/

Polish prosecutors have seized Pegasus spyware systems from a government agency in Warsaw and are now studying them to “determine the functionality of the Pegasus software and the broad legality of its use,” a spokesperson for the National Prosecutor’s Office said Friday according to local news reports.

The prosecutor’s office inspected and secured devices related to the powerful commercial surveillance tool at the headquarters of the Central Anticorruption Bureau on Tuesday and Wednesday, the spokesperson said.

The operation is part of a national scandal in which the previous Polish government is accused of widely abusing Pegasus to spy on opposition politicians.

Investigators also took documents from the Central Anticorruption Bureau, the Internal Security Agency, the Military Counterintelligence Service and the Police “regarding the purchase of Pegasus software, its functionality and use as part of operational inspections," the spokesperson said.

"The obtained data was transferred to the Forensic Research Office of the Internal Security Agency, which was appointed to issue an opinion on the operation and functionality of the Pegasus system," he added.

The National Prosecutor’s announced in March that it had begun a probe examining the prior majority’s use of Pegasus from November 2017 to December 2022.

Investigators are now focused in part on who purchased Pegasus for the Polish authorities.

Former Deputy Prime Minister Jarosław Kaczyński; former Deputy Minister of Justice Michał Woś; former director of the Department of Family and Juvenile Affairs at the Ministry of Justice Mikołaj Pawlak; and other Ministry of Justice employees have testified so far, according to local news reports.

Pegasus is manufactured by an Israeli company known as the NSO Group and has been increasingly showing up on the phones of civil-society figures in countries as far flung as Spain, Poland, Rwanda, Hungary, Mexico, Thailand and Latvia.

In April, Poland’s justice minister announced that nearly 600 people there, mostly opposition politicians and their allies, were targeted for surveillance with Pegasus under the former ruling Law and Justice (PiS) party.

Despite abuses such as those surfacing in Poland, NSO Group has defended the use of Pegasus on phones belonging to opposition “political operatives.”

Responding to Friday’s news, John Scott-Railton, a senior digital forensics researcher at The Citizen Lab, which helped uncover the abuse of Pegasus in Poland, tweeted: “Win for transparency in Poland. Nightmare for NSO Group.”

In September, Poland's Senate unveiled findings from a special commission’s investigation into the use of Pegasus to hack an opposition politician in 2019, saying the incident involved "gross violations of constitutional standards.”

The commission said it had notified prosecutors there of the potential for criminal charges against current and former Polish ministers who have been implicated in the use of the spyware.

The investigation, which ran across 18 months, also determined that the 2019 elections involving hacked opposition leader Senator Krzysztof Brejza were unfair due to use of the spyware.

“Pegasus is not an operational tool used by the services, but it is a cyber weapon, i.e. a tool to influence the behavior of other people,” Pegasus Surveillance Committee Chairman Marcin Bosacki said according to a summary report. “We can unequivocally state that Pegasus was used in Poland to an extremely aggressive degree.”

Read More:- https://therecord.media/poland-seizure-pegasus-spyware-systems?&web_view=true Source Credit: https://therecord.media/

The popular shopping app Temu has been accused by a US state of spying on Western customers’ text messages. Prosecutors in Arkansas have sued the company, claiming the e-commerce service in fact functions as “malware and spyware” that can access contacts and text messages. Temu denies the allegations. The business, run by Chinese-owned PDD Holdings, has exploded in popularity in the last two years by offering free delivery and cut-price goods shipped directly from China. US Congress has already raised concerns about the company and its rival Shein, which is planning a London Stock Exchange listing, over whether forced labour is used in their supply chains. Tim Griffin, Arkansas’s attorney general, sued the company this week for breaking state privacy and deceptive trade laws. He said: “Temu is not an online marketplace like Amazon or Walmart. It is a data-theft business that sells goods online as a means to an end. “Though it is known as an ecommerce platform, Temu is functionally malware and spyware. It is purposefully designed to gain unrestricted access to a user’s phone operating system. It can override data privacy settings on users’ devices, and it monetizes this unauthorised collection of data.” Mr Griffin also claimed that “Temu is led by a cadre of former Chinese Communist Party officials, which raises significant security risks to our country and our citizens”. The lawsuit repeated several claims by Grizzly Research, an investment company that has taken out a short selling position against US-listed PDD. Grizzly Research has claimed that the app has “hidden functions that allow for extensive data exfiltration unbeknownst to users”. Temu’s app was briefly suspended from the Apple App Store last year due to concerns it was misleading users about how it used data. Pinduoduo, the Chinese shopping app run by the same parent company, has also been suspended from Google’s Play Store. The company said: “The allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded. “We categorically deny the allegations and will vigorously defend ourselves. “We understand that as a new company with an innovative supply chain model, some may misunderstand us at first glance and not welcome us. We are committed to the long-term and believe that scrutiny will ultimately benefit our development. We are confident that our actions and contributions to the community will speak for themselves over time.” Temu, which features the tagline “shop like a billionaire”, has been one of the most downloaded apps in the UK and US over the last year. Read More:- https://www.telegraph.co.uk/business/2024/06/28/chinese-shopping-app-temu-spying-on-western-customers/ Source Credit: https://www.telegraph.co.uk/business/2024/06/28/

New Android Malware “Snowblind” bypasses security! It exploits Linux’s seccomp to launch scalable attacks and steal your data. Download safely, update your device, and consider mobile security to stay protected. Promon, a leading mobile app security provider, has discovered a new Android malware called Snowblind. In their report, shared ahead of its release with Hackread.com on Wednesday, June 26th, Promon revealed that this malware exhibits a unique ability to bypass even the strongest anti-tampering mechanisms by disabling an app’s ability to detect malicious modifications, exposing users to risks like financial loss and fraud. It achieves its malicious objectives by manipulating the Accessibility Services and the ‘seccomp’ feature on Android devices. For your information, ‘seccomp‘ (secure computing) is a safety filter in the Linux kernel that restricts an app’s ability to make system calls or requests from the operating system. Accessibility Services enable users with disabilities to interact with and modify app interfaces, read screen content, input text, etc. Snowblind aims to prevent the detection of repackaged apps by bypassing anti-tampering mechanisms in the targeted app. It modifies apps to avoid the detection of accessibility services and uses seccomp functionality to intercept and manipulate system calls, allowing it to bypass security checks and remain undetected. It also installs a seccomp filter to trap specific system calls and uses a signal handler to intercept and modify these calls to prevent detection. Through this filter, Snowblind checks the origin of system calls, enabling it to generate a signal only if the call comes from an anti-tampering library. This improves the attack’s speed and allows attackers to filter, inspect, and manipulate any system call. As per Promon’s blog post, the malware can also manipulate and trace any code reliant on system calls, even if it implements the system calls and makes them hard to find and patch, making it a powerful tool for bypassing anti-tampering mechanisms. Through its manipulation capabilities, Snowblind can target multiple apps or system functions, including banking apps, to steal login credentials, hijack user sessions, and disable security features like 2FA or biometric verification. Additionally, Snowblind also exfiltrates sensitive information and transaction data, exposing victims to fraud. It is effective on all modern Android devices, providing a wider range of attack possibilities. To protect against Snowblind and similar threats, Android users should download apps from trusted sources and official app stores like Google Play, update their devices regularly, consider using a mobile security solution, and be cautious of unusual app behaviour. If an app starts consuming excessive resources or exhibiting unexpected permissions requests, uninstall it and report it to the developer or app store. Read More:- https://hackread.com/snowblind-android-malware-steals-bypasses-security/ Source Credit: https://hackread.com/

The maker of the notorious Pegasus spyware has said that government and military officials are “legitimate intelligence targets” in a recent court filing, citing Republican Mitch McConnell as an example. An Israeli cyber intelligence firm known for its “zero-click” spyware has said that it considers officials in all military and government officials legitimate surveillance targets for its software. The NSO Group made the claim in a court filing regarding an ongoing case between the messaging service WhatsApp and the group regarding 2019 allegations of infecting 1,400 WhatsApp users with the company’s Pegasus spyware. The NSO Group is demanding full access to a list of “VIPs” and “civil society leaders” compiled by the Citizen Lab during investigations into the use of Pegasus spyware on non-criminal or terrorist targets. Only a limited list has been shared with the NSO Group, which contends that it needs access to the entire list to better make its case. The Citizen Lab lists include current members of government (VIPs) and members of opposition parties (civil society leaders). The NSO Group did note that it had been able to discover some details of the lists and said that a “quarter of the ‘VIPs’ are affiliated with criminals and terrorists based on readily available public sources alone”. But even if they’re not somehow connected to illegal activities, the NSO Group contends that such people are nonetheless legitimate targets. “Moreover, the VIP list is almost entirely comprised of persons who, by virtue of their positions in government or military organisations, are the subject of legitimate intelligence investigations,” the NSO Group said. Talking about the civil society list, NSO Group added that it believes such distinctions are “unjustified”. “For purposes of determining whether an individual was legitimately surveilled (e.g., as part of an intelligence operation) using Pegasus, defendants submit that this distinction is unjustified and all senior political operatives should be classified as VIPs,” it said. By way of an example, the NSO Group asked, “Would anyone argue that Mitch McConnell is a member of ‘civil society’ because his party is in the minority in the Senate?” Mitch McConnell is currently the Republican Senate Minority Leader. The NSO Group said in the filing that at least two of the people on the civil society list are Indian journalists accused of spying and sedition by the Chinese and Indian governments, and therefore, their involvement in “criminal activity” justifies the use of Pegasus spyware against them. Citizen Lab’s most recent report into the use of the NSO Group’s “mercenary spyware” revealed seven Belarussian and Russian-speaking “independent journalists” and activists were targets of Pegasus between August 2020 and January 2023. “The latest investigation identifies seven additional Russian and Belarusian-speaking members of civil society and journalists living outside of Belarus and Russia who were targeted and/or infected with Pegasus spyware,” Citizen Lab said in a post on its website. “Many of the targets publicly criticised the Russian government, including Russia’s invasion of Ukraine. These individuals, most of whom are currently living in exile, have faced intense threats from Russian and/or Belarusian state security services.” The NSO Group refers to itself as a developer of “best-in-class technology to help government agencies detect and prevent terrorism and crime” on its website and claims that “NSO products are used exclusively by government intelligence and law enforcement agencies to fight crime and terror”. Read More:- https://www.cyberdaily.au/tech/10734-spyware-maker-nso-group-claims-politicians-are-legitimate-spying-targets Source Credit: https://www.cyberdaily.au/tech/

The apps-- Defcom, Sim Info and Dink Messenger-come with 'XploitSPY' malware capable of sending out personal and financial details from the infected phone to the hackers' server accounts. Cyber security firm ESET has detected an active espionage campaign on Google Play Store and Android phones. Newly identified threat group called 'Virtual Invaders' had rolled out three spyware-laced apps, which masquerade as messenger applications. Threat actors targeted citizens in South Asian countries, mostly in India and Pakistan. The apps-- Defcom, Sim Info and Dink Messenger-come with 'XploitSPY' malware capable of sending out personal and financial details to the hackers' server. After getting installed on the device, apps were able to avoid getting detected by Google's Play Protect security system. And, then hackers were able to sectretly extract contact lists and files, and even managed to retrieve the device’s GPS location and the names of files listed in specific directories related to the camera, downloads, and even messaging apps such as Telegram and WhatsApp. ESET, which is a core member of Google's App Defence Alliance informed the search engine giant. The apps have been taken down from the Play Store, but people who have already downloaded them are advised to uninstall them. Here's how to safegaurd yourself from malware apps: 1) Always download apps from official stores such as Google Play, Apple App Store, and Windows Store. Also, be sure to read reviews of the app below; there will always be telltale signs of bad apps. People would have either praised it or panned it for failing to deliver a good user experience. 2) Make it a habit of reading and knowing the publisher of an app. Even if the app banner shows that it is created by a familiar or a reputed company, ensure you observe all minute details such as typeface, fonts, and logos, as fake apps tend to have errors in terms of wrong spellings in words and bad grammar. 3) Don't blindly install apps from URL links shared or forwarded on messenger apps by your loved ones. 4) Always ensure your phone is upgraded with the latest security software. Usually, Google/Apple/Microsoft releases security patches regularly to thwart emerging cyber threats. 5) And, to be on the safer side, install anti-virus apps on your phone for early detection and deletion of fake apps. Read More:- https://www.deccanherald.com/technology/three-android-spyware-apps-detected-on-google-play-store-2981944 Source Credit: https://www.deccanherald.com/

Apple warns iPhone users in India and 91 other countries about potential spyware attacks. The company previously sent similar warnings to Indian politicians, suggesting possible state-sponsored spyware attacks.

Apple recently sent out warnings to iPhone users in India and 91 other countries. The company informed users saying that their iPhones might be under attack by a type of spyware called "mercenary spyware," including one called Pegasus made by a company called NSO Group in Israel. Last October, they sent similar warnings to politicians from different parties in India, suggesting a possible state-sponsored spyware attack on their iPhones. However, Apple later said they couldn't pinpoint any specific attacker. According to an Indian Express report.These warnings came without blaming anyone for the attacks. The warning emails were sent out around 12:30 am IST on a Thursday. It's not clear how many people got them. The emails mentioned Pegasus spyware and said that similar tools are being used globally to target people. The subject line of the email read "ALERT: Apple detected a targeted mercenary spyware attack against your iPhone." Apple explained in the email that these attacks are rare and very sophisticated, costing lots of money and targeting only a few people. They advised users to be careful with links and attachments from unknown senders. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-. This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” the email read. “Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware. These attacks cost millions of dollars and are individually deployed against a very small number of people, but the targeting is ongoing and global,” Apple said in its threat notification. Apple couldn't give more details about why they sent the warnings because it might help the attackers avoid detection. They updated their support page to help users who might be targeted. Apple started sending these warnings in 2021, and people from 150 countries have received them. Last year, at least 20 Indians with iPhones got these warnings too. Previous investigations into similar issues haven't had much success. In 2021, the Supreme Court in India formed a committee to look into allegations of illegal surveillance using Pegasus. However, they didn't find clear evidence, partly because the government didn't cooperate.Overall, Apple wants its users to be aware of the risks of such attacks and stay safe online. Read More:- https://www.indiatoday.in/technology/news/story/mercenary-spyware-apple-says-iphone-users-in-india-and-91-other-countries-were-likely-victims-of-a-spyware-2525965-2024-04-11 Source Credit: https://www.indiatoday.in/technology/news/story/

Apple has warned several Indian opposition leaders and journalists that their iPhones may have been targeted by “state-sponsored attackers”. The technology giant on Tuesday sent messages to those likely hit, saying, “If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone. “While it’s possible this is a false alarm, please take this warning seriously,” said the alert from the company, without providing further details. Among the politicians who received the alert were Trinamool Congress parliamentarian Mahua Moitra, MP and chief of the All India Majlis-e-Ittehadul Muslimeen party, Asaduddin Owaisi, and Congress leader Shashi Tharoor and its spokespersons, Pawan Khera and Supriya Shrinate. “Get a life,” Moitra posted on X, slamming the Indian prime minister’s and home minister’s office for “trying to hack into my phone and email”. Moitra, a former investment banker, has been leading the opposition’s charge on Prime Minister Narendra Modi for his alleged connections to billionaire Gautam Adani, one of Asia’s richest men. In January this year, Hindenburg Research, a United States-based company specialising in “short-selling”, published a report accusing the Adani Group of engaging in stock manipulation and accounting fraud for decades. The company denied the allegations, calling the report “malicious”. The Securities and Exchange Board of India (SEBI) is investigating the allegations against the Adani Group but there has not been any breakthrough.

Apple warns users in 92 countries, including India, about a Pegasus-like spyware attack targeting individuals like journalists, activists, politicians, and diplomats. The threat notification highlights state actors, exceptional costs, and ongoing global mercenary spyware attacks. Though deployed against a small number of individuals and often involving exceptional costs, mercenary spyware attacks are "ongoing and global" NEW DELHI: Apple has warned users in 92 countries, including in India, about an ongoing Pegasus-like spyware attack that targets a very small number of individuals - often journalists, activists, politicians and diplomats. Though deployed against a small number of individuals and often involving exceptional costs, mercenary spyware attacks are "ongoing and global", according to an Apple threat notification issued on April 10 that indicated that such attacks have historically been associated with state actors. "Apple threat notifications assist users who may have been individually targeted by mercenary spyware attacks. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices," it said. It has come at a time when more than 50 countries, including India, are going for elections this year. Mercenary spyware attacks cost millions of dollars and have a short shelf life, making them much harder to detect and prevent. Cybersecurity watchdog CERT-In also referred to Apple's warning and advised users to be vigilant and upgrade their software. Read More:- https://timesofindia.indiatimes.com/india/pegasus-like-spyware-attack-likely-on-select-individuals-warns-apple/articleshow/109227296.cms Source Credit: https://timesofindia.indiatimes.com/india/

The recent news of a large-scale mercenary spyware attack targeting iPhone users in India and 91 other countries sent shockwaves among smartphone users globally as it exposed their privacy and data to hackers. “The news raises serious concerns about user privacy and data security. This large-scale mercenary spyware attack is particularly concerning because it bypasses typical security measures to target specific devices,” Harish Kumar GS, Head of Sales (India and SAARC) of Check Point Software Technologies, has said. The US-based phone-maker sent a fresh round of threat notifications to scores of its users in India, cautioning them about a likely mercenary spyware attack by hackers. Top politicians and journalists received the emails from Apple on Thursday. Kumar asked the users to report any suspicious activity in their phones and change their Apple ID and passwords. “This indicates that attackers are focusing on high-profile individuals like journalists, activists, or business leaders. If successful, the spyware can steal a vast amount of sensitive data, putting users at risk of blackmail, surveillance, and disruption of their personal or professional lives,” he said. According to him, the spyware attack served as a stark reminder of the evolving cybersecurity landscape. “By staying vigilant, implementing strong security practices, and remaining informed, iPhone users can significantly reduce their risk of becoming victims. Remember, user awareness and proactive measures are crucial to protecting your privacy and data in the digital age,” he said. This targeted attack also erodes trust in mobile security, especially for iPhones which have traditionally been seen as highly secure devices. Kiran Chandra, Founder of the Free Software Movement of India (FSMI), suspects that it might be linked to elections in different countries. “It is a season of elections across the globe. The attack may be related to the elections,” he said. He said one needed a huge network to launch such large-scale attacks.

How to stay safe

Harish Kumar asked the users to ensure their phones were running on the latest iOS version. “Apple releases frequent security updates to patch vulnerabilities exploited by attackers. One needs to update the software,” he said. Phishing emails and messages are often used to deliver spyware. “Be cautious of unsolicited messages, even if they appear to come from a known contact. Never click on suspicious links or download attachments from untrusted sources,” he said. He recommended the users to go for Multi-Factor Authentication (MFA) for all their online accounts, including the Apple ID to get an extra layer of security. “When installing new apps, one should carefully review the permissions they ask for. You must give access to features genuinely needed for the app’s functionality,” he said. Besides backing up the data regularly, one should have a strong password and avoid accessing the internet using public Wi-Fi networks. Kiran Chandra, however, felt that one could do little if one is attacked by powerful such as Pegasus spyware. Read More:- https://www.thehindubusinessline.com/info-tech/spyware-attack-on-iphones-erodes-trust-in-mobile-phones/article68061580.ece Source Credit: https://www.thehindubusinessline.com/info-tech/

Mobile phones play a crucial role in our daily lives, storing personal data and facing increased hacking threats. Recognizing signs of a hacked phone and taking immediate actions are vital for data security and privacy protection. In today's digital age, mobile phones are integral to our daily lives, serving not only as communication devices but also as repositories for vast amounts of personal and sensitive information. We rely on our smartphones for everything from banking and shopping to storing photos and accessing email, making them attractive targets for hackers. With the rise in mobile usage, the threat of hacking has also increased, posing significant risks to our data and privacy. Being able to identify the signs of a hacked mobile phone, such as unusual battery drain, increased data usage, and the appearance of unfamiliar apps, is crucial. Additionally, knowing the immediate actions to take, like disconnecting from the internet, running a security scan, and changing passwords, can help mitigate damage and secure your information. Taking these proactive steps can help safeguard your mobile phone and ensure your personal data remains protected. Mobile hacked warning signs Recognizing the warning signs of a hacked mobile phone is crucial for protecting your personal information and privacy. Here are some key indicators that your device may be compromised. Unusual battery drain: A sudden and significant decrease in battery life can indicate that malicious software is running in the background, consuming power. Overheating: While some heating is normal during heavy usage, consistent overheating can be a sign of malware or spyware running on your device. Increased data usage: Unexpected spikes in data usage may indicate that your phone is sending information to a third party without your knowledge. Strange activity: If you notice unusual activities such as apps opening on their own, text messages you didn't send, or calls you didn't make, your phone might be compromised. Pop-ups and ads: An influx of pop-up ads, especially when not using a browser, can be a sign of adware infection. Unrecognised apps: If you find apps installed that you don't remember downloading, it could be a sign of unauthorised access. Slow performance: A sudden drop in your phone's performance speed can be a result of malware hogging resources. Unusual charges on your bill: Unexpected charges for premium services or international calls might indicate that a hacker is exploiting your phone. Immediate actions to take if your phone is hacked If you suspect your phone has been hacked, taking immediate action is crucial to protect your data and privacy. Here are the essential steps you should follow to secure your device and mitigate any potential damage. Disconnect from the internet: The first step is to disconnect your phone from the internet to stop any data transfer. Turn off Wi-Fi and mobile data immediately. Enable aeroplane mode: Switch your phone to aeroplane mode to cut off all communication signals, preventing further access by the hacker. Check and remove suspicious apps: Go through your installed apps and delete any that seem suspicious or that you don’t remember installing. Change passwords: Using another device, change the passwords for all your important accounts, including email, social media, and banking apps. Ensure that the new passwords are strong and unique. Install and run security software: Install reputable mobile security software and run a full scan to detect and remove any malware or spyware. Update your phone’s OS and apps: Ensure your phone’s operating system and apps are up-to-date. Updates often include security patches that fix vulnerabilities. Factory reset: If the problem persists, consider performing a factory reset. This will erase all data and settings, returning your phone to its original state. Make sure to back up important data before doing this. Contact your service provider: Inform your mobile service provider about the issue. They can provide assistance and may have additional security measures to help protect your account. Monitor your accounts: Keep a close eye on your bank and other important accounts for any suspicious activity and report it immediately. Preventative measures Taking preventative measures is essential to safeguard your mobile phone from being hacked. Implement these strategies to enhance your device's security and protect your personal information. Use strong, unique passwords: Ensure all your accounts are protected with strong, unique passwords. Consider using a password manager. Enable two-factor authentication (2FA): Add an extra layer of security by enabling two-factor authentication on your accounts. Be cautious with downloads: Only download apps from reputable sources like the official app stores and avoid clicking on suspicious links. Regularly update your device: Keep your phone’s operating system and apps updated to protect against known vulnerabilities. Install security software: Use mobile security software to protect against malware, spyware, and other threats. Avoid public Wi-Fi: Public Wi-Fi networks can be insecure. Use a VPN if you need to access sensitive information over public Wi-Fi. By staying vigilant and taking these proactive steps, you can significantly reduce the risk of your mobile phone being hacked and ensure your personal information remains secure. Read More:- https://timesofindia.indiatimes.com/technology/tech-tips/is-your-mobile-phone-hacked-know-warning-signs-and-immediate-actions-to-take/articleshow/110961426.cms Source Credit: https://timesofindia.indiatimes.com/technology/tech-tips/

Amnesty International announced that it found recent traces of Pegasus spyware, sold only to governments, on two Indian journalists’ phones after they received “state-sponsored attacker” alerts from Apple in October.

The Wire news website’s founder editor, Siddharth Varadarajan, and another journalist in India were targeted with Pegasus spyware this year, the nonprofit Amnesty International’s Security Lab was able to determine after testing their devices, it announced on Thursday. The journalists had received an alert from Apple that they were being targeted by “state-sponsored hacking,” following which they provided their phones to Amnesty for testing. NSO Group, the Pegasus spyware’s developer, only sells its technology to governments. India’s Intelligence Bureau imported hardware from NSO Group in 2017, trade data show. Separately, TheWashington Post reported that after the security alerts went out in October, government officials put ‘pressure’ on Apple to offer ‘alternative’ explanations to the public on why these warnings were sent to Opposition leaders and journalists. Union Ministers and Apple had made a series of misleading and unsubstantiated statements when these alerts went out, such as that these messages had gone out in 150 countries, when no other countries’ citizens — or ruling party lawmakers — had reported receiving a warning that week. According to the Post report, Praveen Chakravarty, the chairman of the All India Professionals’ Congress, was also likely targeted, based on an analysis of his phone by iVerify, a cybersecurity firm. The Pegasus spyware, which the Union government has not categorically denied buying or using, allows attackers to extract all the contents of smartphones by leveraging software weaknesses that are known to a select few hackers, and sold for millions of dollars. These so-called ‘zero day exploits’ allow attackers to access all the data on even phones whose software has been fully updated, and access real-time camera and microphone data. Such technology, privacy activists argue, is an unconstitutional form of surveillance. Dozens of Opposition leaders, journalists and activists were targeted by Pegasus until 2021, according to the Forbidden Stories collective, which reported on a leak of the spyware’s global targets.

‘Attack on privacy’

“Targeting journalists solely for doing their work amounts to an unlawful attack on their privacy and violates their right to freedom of expression. All states, including India, have an obligation to protect human rights by protecting people from unlawful surveillance,” said Donncha Ó Cearbhaill, head of the Security Lab that uncovered the infections. “The recovered samples are consistent with the NSO Group’s BLASTPASS exploit, publicly identified by Citizen Lab in September 2021 and patched by Apple in iOS 16.6.1 (CVE-2023-41064),” Amnesty said in a statement, referring to a vulnerability that Apple patched through a software update in September. The Union government refused to cooperate in a Supreme Court-ordered investigation into the 2021 Pegasus revelations. Both Mr. Varadarajan and Anand Mangnale, South Asia Editor at the Organised Crime and Corruption Report Project (OCCRP), had spyware that logs show infected their phones this year. The OCCRP had reported last year that the Intelligence Bureau (IB) obtained Pegasus, citing trade data that The Hindu was later able to verify, and interviews with unnamed IB officers. Ten months later, Mr. Mangnale’s phone was infected, Amnesty found. The day before, he told TheWashington Post, he had sent queries to the Adani group for an investigative story OCCRP was working on about the corporate group. Mr. Varadarajan’s phone was found to be infected on October 16. Both men received alerts from Apple in October saying that their phones had been targeted by “state-sponsored attackers”. The Union government said it was investigating these alerts, which were sent to numerous Opposition members of Parliament as well. The Union government was reportedly looking for Pegasus alternatives after the NSO Group’s activities came under global scrutiny, but the spyware’s continued use after the furore has only emerged now. The Defence Intelligence Agency’s Signal Intelligence Directorate has purchased equipment from Cognyte, a company that has been sued in the United States on similar snooping grounds, The Hindu had reported in April. Read More:- https://www.thehindu.com/news/national/pegasus-infection-found-on-indian-journalists-phones-after-apple-alert-amnesty-international/article67682427.ece Source Credit: https://www.thehindu.com/news/national/

Android and iPhone users are being urged to reboot their devices once a week to help prevent hackers from sneaking spyware onto their phones via 'zero-click' exploits. 

As the name suggests, zero-click attacks don't require a user to click on a malicious link or download a compromised file. Instead, malware is installed on a device without any interaction from the victim, leaving little trace and making detection very difficult. A zero-click hack will exploit flaws or vulnerable areas in your phone, such as using a data verification loophole to infiltrate your system. According to the cybersecurity company Kaspersky, these attacks often target apps that offer messaging or voice calling because they are designed to receive and interpret data from untrusted sources. For example, hackers could use a hidden text message or image file to inject code that compromises the device, allowing them to install spyware and collect data, Kaspersky warns. They could also infect a device by manipulating opened URLs. However, turning your phone off and on again every week can help protect against such attacks, as it temporarily deletes the information that continuously runs in the background via apps or an internet browser. The method does require the user to reboot their phone - not simply placing it in standby mode. The method is endorsed by the US National Security Agency (NSA), which detailed the steps iPhone and Android users should take to mitigate the risk of a cyberattack in a comprehensive document. A simple reboot can also mitigate the threat of spear-phishing, a type of phishing attack that typically targets individuals or organisations through malicious emails. The goal of spear-phishing is to install malware and spyware on the targets' device, or steal sensitive information such as login credentials. The document also recommended disabling Bluetooth when it's not in use, not connecting to public Wi-Fi networks, removing any unused networks, avoiding email attachments or links from an unknown source, and updating software and apps regularly. Keeping your software and applications up to date will ensure any potential flaws or loopholes in the old version are removed, in turn making your device more secure. It also recommended setting up a strong PIN - six-digit minimum - and enabling additional security measures, such as the phone factory-resetting itself after 10 incorrect passcode entries. While the tips won't 100 percent guarantee protection from hacks and breaches, it should provide some defence against certain types of attacks, the NSA noted. Turning the phone off and on again will also not help against more advanced malware threats, which are programmed to reload on reboot. "Threats to mobile devices are more prevalent and increasing in scope and complexity," the agency warned, adding that some smartphone features "provide convenience and capability but sacrifice security". "Falling for social engineering tactics, like responding to unsolicited emails requesting sensitive information, can result in account compromise and identity theft," Oliver Page, the CEO of cybersecurity company Cybernut, told Forbes. "These phishing attempts often mimic legitimate entities, deceiving individuals into divulging confidential details. "Trusting phone calls or messages without verification can lead to serious consequences, as scammers manipulate victims into disclosing sensitive information or taking actions that compromise their security." According to reports, the last major zero-click exploit occurred in 2021, in which hackers targeted an image-processing vulnerability in Apple's iMessage app. The attack was able to bypass Apple's BlastDoor security feature, leading some researchers to call the exploit "one of the most technically sophisticated" they'd seen. Apple filed a lawsuit against NSO Group, an Israeli cyber-arms company primarily known for its extremely controversial malicious spyware Pegasus, which is capable of zero-click exploits and other sophisticated attacks. The spyware is designed to be covertly and remotely installed on mobile phones running iOS or Android. Read More:- https://www.newshub.co.nz/home/lifestyle/2024/06/iphone-android-users-warned-of-dangerous-zero-click-attacks-here-s-a-simple-method-to-protect-yourself.html Source Credit: https://www.newshub.co.nz/home/lifestyle/2024/06/

The National Security Agency (NSA), the organisation that Edward Snowden accused of spying on people and politicians in the United States, suggests Android and iPhone users should restart their smartphones once every few days.

According to Forbes, a recently revealed NSA document dating years back shares best practices for keeping your smartphone safe from threat actors and suggests that restarting your phone now and then can help with some zero-day exploits and malware that might be running on your phone. NSO Group, the company behind the Pegasus spyware is also known for using zero-day exploits to spy on its targets.

The US National Security Agency has issued advice to smartphone owners to prevent their devices from being hacked and their personal details and money stolen. The government agency’s Mobile Device Best Practices report is aimed at the billions of people around the world who use either an Android or an iOS smartphone, who are all exposed to a variety of cyber risks like spear-phishing attacks and zero-click exploits. Smartphone users can protect themselves against many of these hacks by simply turning their phones off and on again, according to the NSA’s guidance. “Threats to mobile devices are more prevalent and increasing in scope and complexity,” the US surveillance agency wrote in its guide. “Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security.” Among the standard advice of using strong passwords and using any biometric security features like face and fingerprint recognition, the NSA also offers other instructions that may be less familiar to average phone users. Phone owners are urged to only use their original charging cords and to not use public USB charging stations to avoid their devices from being infected with spyware. The NSA also recommends updating a device’s software as often as possible and to never connect a personal device to government computers via WiFi or Bluetooth, or to public WiFi networks. “Disable location services when not needed [and] do not bring the device with you to sensitive locations,” the advice states. “Do not have sensitive conversations in the vicinity of mobile devices not configured to handle secure voice. Do not have sensitive conversations on personal devices, even if you think the content is generic.” Since it was formed in 1952, the NSA has grown into one of the biggest surveillance agencies in the world, hiring tens of thousands of employees to collect data and communications on behalf of the US government. In 2013, former NSA contractor Edward Snowden revealed details of the agency’s worldwide surveillance activity. Among the revelations was a program called PRISM, which secretly collected voice, text and video chats of millions of foreigners and US citizens through popular apps and devices developed by Apple, Facebook, Google and Microsoft. Documents showed that the NSA gathered an average of 15 million telephone calls and 10 million internet communications each day in the year prior to Mr Snowden’s leaks. Read More:- https://www.independent.co.uk/tech/phone-hack-android-nsa-iphone-security-b2556358.html Source Credit: https://www.independent.co.uk/tech

Israeli-made Pegasus spyware was used in Jordan to hack the cellphones of at least 30 people, including journalists, lawyers, human rights and political activists, the digital rights group Access Now said Thursday. The hacking with spyware made by Israel’s NSO Group occurred from 2019 until last September, Access Now said in its report. It did not accuse Jordan’s government of the hacking. One of the targets was Human Rights Watch’s deputy director for the region, Adam Coogle, who said in an interview that it was difficult to imagine who other than Jordan’s government would be interested in hacking those who were targeted. The Jordanian government had no immediate comment on Thursday’s report. In a 2022 report detailing a much smaller group of Pegasus victims in Jordan, digital sleuths at the University of Toronto’s Citizen Lab identified two operators of the spyware it said may have been agents of the Jordanian government. A year earlier, Axios reported on negotiations between Jordan’s government and NSO Group. “We believe this is just the tip of the iceberg when it comes to the use of Pegasus spyware in Jordan, and that the true number of victims is likely much higher,” Access Now said. Its Middle East and North Africa director, Marwa Fatafta, said at least 30 of 35 known targeted individuals were successfully hacked. Read More:-https://apnews.com/article/jordan-hacking-pegasus-spyware-nso-group-99b0b1e4ee256e0b4df055f926349a43 Source Credit:https://timesofindia.indiatimes.com/technology/tech-news/

SINGAPORE: On Jul 18, major news outlets worldwide published an investigation into a massive data leak that showed rights activists, journalists and politicians around the world were targeted by authoritarian governments using hacking software sold by an Israeli surveillance company. The company, NSO Group, produces Pegasus, a type of malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones. The data leak contained more than 50,000 phone numbers suspected to be infected with Pegasus. They belong to hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including ministers, presidents and prime ministers. Notable individuals in this list include French President Emmanuel Macron, Financial Times editor Roula Khalaf and people close to slain Saudi dissident Jamal Khashoggi. Prior to this, a Canada-based research group found in 2018 that some of the infected phones could be in Singapore. However, the presence of a number in the recent leaked data does not mean there was an attempt to infect the phone. Without forensic examination, it is impossible to say whether the phones were attempted to be or successfully hacked using Pegasus. The list of numbers was first obtained by Amnesty International, a human rights watchdog, and Forbidden Stories, a group that focuses on free speech. They then shared the list with a consortium comprising journalists from 17 prominent news outlets. Read More:-https://www.channelnewsasia.com/singapore/pegasus-spyware-singapore-leak-hack-israel-nso-2185236 Source Credit:https://timesofindia.indiatimes.com/technology/tech-news/

Apple is likely to soon notify iPhone users in India and 91 other countries that they may have been targeted by a " mercenary spyware " attack, according to an exclusive report in Economic Times (ET). This type of attack is distinct from typical cybercrime and aims to gain unauthorized access to a user's device. Mercenary spyware attacks, such as those using Pegasus from the NSO Group , are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware, the threat notification mail sent by Apple read reportedly reads. The notification explains that mercenary spyware attacks, unlike common malware, are exceptionally rare and target specific individuals. These attacks are said to be often highly sophisticated, and Apple emphasizes the importance of taking the warning seriously. Read More:-https://timesofindia.indiatimes.com/technology/tech-news/apple-warns-users-in-india-and-91-other-countries-impacted-by-mercenary-spyware-attack/articleshow/109211911.cms#google_vignette Source Credit:https://timesofindia.indiatimes.com/technology/tech-news/

A leading member of the European Parliament on Wednesday condemned Europe’s governing bodies for not doing more to address rampant spyware abuses across the continent. Parliamentarian Sophie in’t Veld, who led the European Parliament’s investigation into the use of spyware in Spain, Greece and Poland, said European governments haven’t curtailed it because they lack the political will to act. “They know what they have to do,” in’t Veld said. “The problem is they don't want to do it.” “They kind of like their little toy and they're very reluctant to give it up,” she added, speaking at a panel hosted by the Center for Democracy and Technology, a digital rights advocacy group. in’t Veld also condemned Europe for exporting spyware to other countries. A general moratorium or ban on spyware in Europe is not under discussion, said Anna Buchta, a senior official with the European Data Protection Supervisor, because many governments want to keep using the tools for law enforcement and national security purposes. That’s despite a checkered history of abuse in countries across the continent, she said. “There is a temptation to just see this as yet another lawful intercept technology,” Buchta said. “We have tried to make the point that it's not just another tool — this is a paradigm shift.” Commercial spyware such as the NSO Group’s Pegasus, which has been deployed against opposition politicians, journalists and other targets across Europe, “brings the intensity and the seriousness of interference with the private life to such a level that it really cannot be compared to a traditional interception of communication,” she added. She said many European states have hidden behind language in the Treaty on the European Union (TEU), the EU's mutual defense clause, to argue that they have the right to deploy Pegasus to protect their national security interests. But in’t Veld and Buchta questioned those assertions, with Buchta saying there is a body of case law in Europe’s Court of Justice that suggests mutual defense and national security concerns “cannot be treated as a blank check.” Read More:-https://therecord.media/eu-failure-spyware-political-will Source Credit:https://therecord.media/

The story so far: The Washington Post and human rights non-profit Amnesty International have alleged that the spyware instance known as Pegasus continues to be in use, on this occasion targeting journalists in India. Based on newfound data from the latter organisation’s Security Lab, the two organisations have said the phones of founding editor of the online news portal The Wire, Siddharth Varadarajan, and South Asia editor of the Organised Crime and Corruption Report Project (OCCRP) Anand Mangnale were infected with the spyware. The alleged incursion was identified in October 2023 following a forensic analysis, and after phone-maker Apple had issued security notifications to its users, including certain Members of Parliament, that their iPhones were being targeted by “state-sponsored attackers”. Read More:-https://www.thehindu.com/news/national/is-pegasus-spyware-targeting-journalists-in-india/article67683399.ece Source Credit:https://www.thehindu.com/news/

Commercial spyware is a dual-use technology: it can theoretically be an essential last-resort tool for the most critical national security and law enforcement investigations, but it carries profound risk of abuse. Criticisms of spyware proliferation have focused primarily on its human rights violations, such as its abusive deployment against journalists, activists, and others merely exercising their freedom of expression and assembly. But like every dual-use technology – drones, small arms, nuclear materials, or biological agents – the proliferation of spyware poses a national security threat to the United States and its allies and partners unless the international community develops and enforces firm regulations and export controls governing their development and sale. In the past, if a government sought to acquire the capabilities of modern commercial spyware, it would have to cultivate the requisite talent base, recruit scores if not hundreds of government hackers from this community, and maintain that workforce indefinitely.1 Today, that workforce can be centralized in a single company headquartered abroad, exporting to dozens of client governments with little regard for how the tools sold are used. The result is as if the Manhattan Project were undertaken by a corporate R&D department in a faraway land and the spread of nuclear weapons was driven not by generals and spy chiefs, but shareholders and c-suites. This status quo is dangerous and unsustainable. When cybersecurity researchers discover a vulnerability in a widely used device or application, they have a financial incentive – and, many would argue, a moral duty – to report that vulnerability to the developer – a process known as a “bug bounty.” However, the emergence of the commercial spyware industry creates a perverse incentive for researchers to sell or use their discovery to help develop hacking tools instead, which not only harms the targets of these hacking tools, but systemically puts all users of the underlying vulnerable technology at risk. Read More:-https://www.thirdway.org/memo/unregulated-spywares-threat-to-national-security Source Credit:https://www.thirdway.org/memo/