Data Harvesting | Breaking Cybersecurity News | The Hacker News

The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab. Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that's capable of harvesting sensitive data from instant messaging applications on a device. The interdisciplinary lab said it identified the six governments as "suspected Paragon deployments" after mapping the server infrastructure suspected to be associated with the spyware. The development comes nearly two months after Meta-owned WhatsApp said it notified around 90 journalists and civil society members that it said were targeted by Graphite. The attacks were disrupted in December 2024. Targets of these attacks included individuals spread across over two dozen countries, including several in Europe such as Belgium, Greece, Latvia, Lithuania, Austria,...

The threat actor known as  ToddyCat  has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental organizations, some of them defense related, located in the Asia-Pacific region. "To collect large volumes of data from many hosts, attackers need to automate the data harvesting process as much as possible, and provide several alternative means to continuously access and monitor systems they attack," security researchers Andrey Gunkin, Alexander Fedotov, and Natalya Shornikova  said . ToddyCat was  first documented  by the company in June 2022 in connection with a series of cyber attacks aimed at government and military entities in Europe and Asia since at least December 2020. These intrusions leveraged a passive backdoor dubbed S...

Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the accessibility service, all while expanding its targeted region," Dutch mobile security firm ThreatFabric  said  in a report shared with The Hacker News. Chameleon was  previously documented  by Cyble in April 2023, noting that it had been used to single out users in Australia and Poland since at least January. Like other banking malware, it's known to abuse its permissions to Android's accessibility service to harvest sensitive data and conduct overlay attacks. The rogue apps containing the earlier version were hosted on phishing pages and found to impersonate genuine institutions in the countries, such as the Australian Taxation Offi...