#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

spyware | Breaking Cybersecurity News | The Hacker News

Category — spyware
Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

Jun 13, 2024 Threat Intelligence / Mobile Security
The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a Palestinian Civil Registry app," ESET researcher Lukáš Štefanko said in a report published today. "Often these are existing applications that had been trojanized by the addition of AridSpy's malicious code." The activity is said to have spanned as many as five campaigns since 2022, with prior variants of AridSpy documented by Zimperium and 360 Beacon Labs . Three out of the five campaigns are still active. Arid Viper, a suspected Hamas-affiliated actor which is also called APT-C-23, Desert Falcon, Grey Karkadann, Mantis, and Two-tailed Scorpion, has a long track record of using mobile malware since its emergence in 2017. "Arid Viper has historically targeted mil...
Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns

Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns

Jun 08, 2024 Artificial Intelligence / Privacy
Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall , currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing screenshots of what appears on users' screens every five seconds, which are subsequently analyzed and parsed to surface relevant information. But the feature, meant to serve as some sort of an AI-enabled photographic memory, was met with instantaneous backlash from the security and privacy community, which excoriated the company for having not thought through enough and implementing adequate safeguards that could prevent malicious actors from easily gaining a window into a victim's digital life. The recorded information could include screenshots of documents, emails, or messages containing sensitive details that may have been deleted or shared temporarily using disappearing ...
Don't Overlook These 6 Critical Okta Security Configurations

Don't Overlook These 6 Critical Okta Security Configurations

Feb 10, 2025Identity Security / Data Protection
Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this prominence has made it a prime target for cybercriminals who seek access to valuable corporate identities, applications, and sensitive data. Recently, Okta warned its customers of an increase in phishing social engineering attempts to impersonate Okta support personnel. Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with how continuous monitoring of your Okta security posture helps you avoid miscon...
LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities

LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities

Jun 07, 2024 Mobile Security / Spyware
Cybersecurity researchers have disclosed that the LightSpy spyware recently identified as targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant. The findings come from both Huntress Labs and ThreatFabric , which separately analyzed the artifacts associated with the cross-platform malware framework that likely possesses capabilities to infect Android, iOS, Windows, macOS, Linux, and routers from NETGEAR, Linksys, and ASUS. "The Threat actor group used two publicly available exploits ( CVE-2018-4233 ,  CVE-2018-4404 ) to deliver implants for macOS," ThreatFabric said in a report published last week. "Part of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework. macOS version 10 was targeted using those exploits." LightSpy was first publicly reported in 2020, although subsequent reports from Lookout and the Dutch mobile security firm have revealed possible connections between the spyware and an Android s...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Learn how CUAs like OpenAI Operator can be used by attackers to automate account takeover and exploitation.
New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs

New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs

May 06, 2024 Spyware / Malware
Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed  Cuckoo  by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs. The exact distribution vector is currently unclear, although there are indications that the binary is hosted on sites like dumpmedia[.]com, tunesolo[.]com, fonedog[.]com, tunesfun[.]com, and tunefab[.]com that claim to offer free and paid versions of applications dedicated to ripping music from streaming services and converting it into the MP3 format. The disk image file downloaded from the websites is responsible for spawning a bash shell to gather host information and ensuring that the compromised machine is not located in Armenia, Belarus, Kazakhstan, Russia, Ukraine. The malicious binary is executed only if the locale check is successful. It also establishes persis...
U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

Apr 23, 2024 Spyware / Cyber Espionage
The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of  commercial spyware  or who are immediately family members of those involved in such businesses. "These individuals have facilitated or derived financial benefit from the misuse of this technology, which has targeted journalists, academics, human rights defenders, dissidents and other perceived critics, and U.S. Government personnel," the department  said . The names of those subjected to visa restrictions were not disclosed, but the move comes more than two months after the U.S. government said it's  enacting a new policy  that enforces visa constraints on people engaging in practices that could threaten privacy and freedom of expression. It also aims to counter the misuse and proliferation of commercial spyware that has been put to use by authoritarian gover...
Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

Apr 15, 2024 Spyware / Mobile Security
Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called  LightSpy . "The latest iteration of LightSpy, dubbed 'F_Warehouse,' boasts a modular framework with extensive spying features," the BlackBerry Threat Research and Intelligence Team  said  in a report published last week. There is evidence to suggest that the campaign may have targeted India based on  VirusTotal   submissions  from within its borders. First documented in 2020 by Trend Micro and Kaspersky,  LightSpy  refers to an advanced iOS backdoor that's distributed via watering hole attacks through compromised news sites. A subsequent analysis from ThreatFabric in October 2023  uncovered  infrastructure and functionality overlaps between the malware and DragonEgg, a fully-featured Android spyware attributed to the Chinese nation-state group APT41 (aka Winnti)...
Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks

Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks

Apr 11, 2024 Spyware / Cyber Espionage
Apple on Wednesday  revised  its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off "individually targeted attacks of such exceptional cost and complexity." "Though deployed against a very small number of individuals — often journalists, activists, politicians, and diplomats — mercenary spyware attacks are ongoing and global," Apple  said . "The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today." The update marks a change in wording that previously said these "threat notifications" are designed to inform and assist users who may have been targeted by state-sponsored...
U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

Mar 02, 2024 Spyware / Privacy
A U.S. judge has ordered NSO Group to hand over its source code for  Pegasus  and other remote access trojans to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which  filed the lawsuit  in October 2019 for using its infrastructure to  distribute the spyware  to approximately 1,400 mobile devices between April and May. This also  included  two dozen Indian activists and journalists. These attacks leveraged a then zero-day flaw in the instant messaging app ( CVE-2019-3568 , CVSS score: 9.8), a critical  buffer overflow bug  in the voice call functionality, to deliver Pegasus by merely placing a call, even in scenarios where the calls were left unanswered. In addition, the attack chain included steps to erase the incoming call information from the logs in an attempt to sidestep detection. Court documents released late last month show t...
FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data

FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data

Feb 23, 2024 Privacy / Regulatory Compliance
The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web browsing data for advertising purposes. It will also have to notify users whose browsing data was sold to third-parties without their consent. The FTC, in its complaint,  said  Avast "unfairly collected consumers' browsing information through the company's browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and without consumer consent." It also accused the U.K.-based company of deceiving users by claiming that the software would block third-party tracking and protect users' privacy, but failing to inform them that it would sell their "detailed, re-identifiable browsing data" to more than 100 third-partie...
Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

Feb 19, 2024 Mobile Security / Cyber Espionage
Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its  Adversarial Threat Report  for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. "Their various malware included capabilities to collect and access device information, location, photos and media, contacts, calendar, email, SMS, social media, and messaging apps, and enable microphone,camera, and screenshot functionality," the company said. The eight companies are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries. These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, R...
Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

Feb 07, 2024 Spyware / Zero-Day Vulnerability
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the  Pall Mall Process , aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by establishing guiding principles and policy options for States, industry, and civil society in relation to the development, facilitation, purchase, and use of such tools. The declaration stated that "uncontrolled dissemination" of spyware offerings contributes to "unintentional escalation in cyberspace," noting it poses risks to cyber stability, human rights, national security, and digital security. "Where these tools are used maliciously, attacks can access victims' devices, listen to calls, obtain photos and remotely operate a camera and microphone via 'zero-click...
Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

Feb 05, 2024 Spyware / Surveillance
The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been  publicly confirmed  as  targeted , out of whom six had their devices compromised with the mercenary surveillanceware tool. The infections are estimated to have taken place from at least 2019 until September 2023. "In some cases, perpetrators posed as journalists, seeking an interview or a quote from victims, while embedding malicious links to Pegasus spyware amid and in between their messages," Access Now  said . "A number of victims were reinfected with Pegasus spyware multiple times — demonstrating the relentless nature of this targeted surveillance campaign." The Israeli company has been under the radar for failing to implement rigorous human rights safeguards prior to selling ...
New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

Jan 17, 2024 Spyware / Forensic Analysis
Cybersecurity researchers have identified a "lightweight method" called  iShutdown  for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's  Pegasus , QuaDream's  Reign , and Intellexa's  Predator .  Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file named "Shutdown.log," a text-based system log file available on all iOS devices and which records every reboot event alongside its environment characteristics. "Compared to more time-consuming acquisition methods like forensic device imaging or a full iOS backup, retrieving the Shutdown.log file is rather straightforward," security researcher Maher Yamout  said . "The log file is stored in a sysdiagnose (sysdiag) archive." The Russian cybersecurity firm said it identified entries in the log file that recorded instances where "sticky" processes, such as ...
Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature

Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature

Dec 28, 2023 Spyware / Hardware Security
The  Operation Triangulation  spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which  discovered  the  campaign  at the beginning of 2023 after becoming one of the targets,  described  it as the "most sophisticated attack chain" it has ever observed to date. The campaign is believed to have been active since 2019. Operation Triangulation gets its name from the use of a fingerprinting technique called canvas fingerprinting to draw a yellow triangle on a pink background with Web Graphics Library ( WebGL ) in the device's memory. The exploitation activity involved the use of four zero-day flaws that were fashioned into a chain to obtain an unprecedented level of access and backdoor target devices running iOS versions up to iOS 16.2 with the ultimate goal of gathering ...
Expert Insights / Articles Videos
Cybersecurity Resources