Search results for What is spyware | Breaking Cybersecurity News | The Hacker News

A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor Ventura  said  in a report shared with The Hacker News. "However, by April 2022, that capability was being offered to their customers." Predator is the product of a consortium called the Intellexa Alliance, which includes Cytrox (subsequently acquired by WiSpear), Nexa Technologies, and Senpai Technologies. Both Cytrox and Intellexa were  added  to the Entity List by the U.S. in July 2023 for "trafficking in cyber exploits used to gain access to information systems." The latest findings come more than six months after the cybersecurity vendor detai...

Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was  first documented  by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android. The spyware, which is delivered by means of another loader component known as Alien, is equipped to record audio from phone calls and VoIP-based apps as well as gather contacts and messages, including from Signal, WhatsApp, and Telegram. Its other functionalities allow it to hide applications and prevent applications from being executed upon rebooting the handset. "A deep dive into both spyware components indicates that Alien is more than just a loader for Predator and actively sets up the low-level capabilities needed for Predator to spy on its victims," Cisco Talos  said  in a technical report. Spyware lik...

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China. Pradeo, a leading mobile security company, has uncovered this alarming infiltration. The report shows that both spyware apps, namely File Recovery and Data Recovery (com.spot.music.filedate) with over 1 million installs, and File Manager (com.file.box.master.gkd) with over 500,000 installs, are developed by the same group. These seemingly harmless Android apps use similar malicious tactics and automatically launch when the device reboots without user input. Contrary to what they claim on the Google Play Store, where both apps assure users that no data is collected, Pradeo's analytics engine has found that various personal information is collected without users' knowledge. Stolen data includes contact list...

Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware campaign was directed against journalists, political opposition figures, and an NGO worker in 2021. The names of the victims were not disclosed. It's also suspected that the company abused a zero-click exploit dubbed  ENDOFDAYS  in iOS 14 to deploy spyware as a zero-day in version 14.4 and 14.4.2. There is no evidence that the exploit has been used after November 2021. ENDOFDAYS "appears to make use of invisible iCloud calendar invitations sent from the spyware's operator to victims," the researchers said , adding the .ics files contain invites to two backdated and overlapping events so as to not alert the users.  The attacks are suspected to have leveraged a quirk in iO...

The Syrian situation is getting worse day by day, the regime is attacking dissident mercilessly meanwhile the world wide community is standing by and watch helplessly stopped by prohibition of military intervention imposed by Russia and China, historical allies of Damascus. Syria regime is fierce against the rebels in the streets as in cyber space, we have already discussed of the persecution of opposition made using spyware to catch the rebels. Syrian regime is also convinced that leaks from the country on the massacres by the regime might aggravate the position of the government and then several times in the last year the government has stopped internet access in the country thanks to a kill switch. In this hours it has been registered an unprecedented national internet blackout while the battle with rebels raging in the country and in the capital. This time the blackout as totally isolated the country blocking also land lines and cellphone networks. On the incident is started a m...

Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed. Xinjiang (XUAR) is an autonomous territory and home to many Muslim ethnic minority groups where China is known to be conducting massive surveillance operations, especially on the activities of Uighurs, a Muslim Turkic minority group of about 8 million people. The Chinese government has blamed the Muslim Turkic minority group for Islamic extremism and deadly attacks on Chinese targets. According to a joint investigation by New York Times , the Guardian, Süddeutsche Zeitung and more, the surveillance app has been designed to instantly extract emails, texts, calendar entries, call records, contacts and insecurely uploads them to a local server set-up at the check-point only. This suggests that the spyware app has not been designed to continuously and remote...

Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its  Adversarial Threat Report  for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. "Their various malware included capabilities to collect and access device information, location, photos and media, contacts, calendar, email, SMS, social media, and messaging apps, and enable microphone,camera, and screenshot functionality," the company said. The eight companies are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries. These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, R...

More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which  discovered the operation  after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers. The Russian cybersecurity company has codenamed the backdoor  TriangleDB . "The implant is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability," Kaspersky researchers  said  in a new report published today. "It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted. Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again." Operation Triangulation ...

Cyber-attacks keep increasing and evolving but, regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets and probe their target's attack surface for gaps that can be used as entry points. So, the first line of defense is to limit the potentially useful information available to a potential attacker as much as possible. As always, the tug of war between operational necessity and security concerns needs to be taken into account, which requires a better understanding of the type of information typically leveraged. What information are hackers looking for during recon? When running recon on an organization, hackers – whether white or black hats - are "casing a joint." To plan their attack, they will try and uncover as much information as possible about: Your infrastructure The types ...

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having a dedicated infrastructure and evade detection. "This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists," security researcher Dmitry Kalinin said in a new technical report published Monday. It's currently not clear how the spyware is distributed, but the Russian company said it's likely deployed through either an unknown security flaw or direct physical access to the target phone. The malware-laced apps are disguised as Alipay or an Android system service. LianSpy, once activated, determines if it's running as a system app to operate in the background using administrator privi...

If you own a Sony smartphone either the Android 4.4.2 or 4.4.4 KitKat firmware then inadvertently you may be transmitting your data back to the servers in China, even if you haven't installed any application. Quite surprising but it's true. I know many of you haven't expected such practices from a Japanese company, but reports popping up at several forums suggest that some new Sony Xperia handsets seem to contain the Baidu spyware . MYSTERIOUS BAIDU SPYWARE About a month ago, a group of community users of Sony smartphone detected the presence of a strange folder, named " Baidu ", mysteriously appeared from among those present in various versions of Android for these handsets. The creepy part is that the folder is created automatically without the owners permission and there is no way of deleting it. Even if someone tries to remove it, it instantly reappears as well as unticking the folder from device administrator equally seems to do nothing, neither does starting t...

IT and cybersecurity teams are so inundated with security notifications and alerts within their own systems, it's difficult to monitor external malicious environments – which only makes them that much more threatening.  In March, a high-profile data breach hit national headlines when personally identifiable information connected to hundreds of lawmakers and staff was leaked on the dark web. The cybersecurity incident involved the DC Health Link, an online marketplace that administers health plans for members of Congress and Capitol Hill staff. According to news reports, the FBI had successfully purchased a portion of the data – which included social security numbers and other sensitive information – on the dark web.  Because of the prominence of the victims, the story was picked up by a slew of media outlets that rarely cover dark web-related cybersecurity crimes. The story not only shed light on one of the most dangerous aspects of the internet, it reminded us that the dar...

Amnesty International, one of the most prominent non-profit human rights organizations in the world, claims one of its staff members has been targeted by a sophisticated surveillance tool made by Israel's NSO Group. The NSO Group is an Israeli firm that's mostly known for selling high-tech spyware and surveillance malware capable of remotely cracking into Apple's iPhones and Google's Android devices to intelligence apparatuses, militaries, and law enforcement around the world. The company's most powerful spyware called Pegasus for iPhone , Android , and other mobile devices has previously been used to target human rights activists and journalists, from Mexico to the United Arab Emirates. Pegasus has been designed to hack mobile phones remotely, allowing an attacker to access an incredible amount of data on a target victim, including text messages, emails, WhatsApp messages , user's location, microphone, and camera —all without the victim's knowl...

Are you looking to becoming a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis career. Did you know that new malware is released every seven seconds? As more and more systems become reliant on the internet, the proliferation of malware becomes increasingly destructive. Once upon a time, a computer virus might cause considerable inconvenience, but its reach might have been limited to the handful of systems connected to the internet. Today, with every home, factory, and institution online, it's theoretically possible for malware to shut down an entire nation. That's where malware analysis comes in. Malware analysis is the process of isolating and reverse-engineering malicious software. Malware analysts draw on a wide range of skills, from programming to digital forensics, to identify and understand different types of malware. From there, they can design security solutions to protect computers from sim...