Dec 20 2021

Pegasus: Google reveals how the sophisticated spyware hacked into iPhones without user’s knowledge

  • Pegasus spyware was allegedly used by governments to spy upon prominent journalists, politicians and activists.
  • A Google blog has revealed how the sophisticated software was used to attack iPhone users.
  • The software used a vulnerability in iMessages to hack into iPhones without the user’s knowledge.

The Pegasus spyware, developed by Israel’s NSO group, made headlines for being used by governments and regimes across the world including India to spy on journalists, activists, opposition leaders, ministers, lawyers and others. The spyware is accused of hacking into the phones of at least 180 journalists around the world, of which 40 are notable Indian personalities.

Now, a Google blog from the Project Zero team called the attacks technically sophisticated exploits and assessed the software to have capabilities rivalling spywares previously thought to be accessible to only a handful of nations.

The company has also faced multiple lawsuits including one in India where the Supreme Court (SC) set up a three-member panel headed by former SC judge RV Raveendran to probe whether the software was used by the government to spy on journalists and other dissidents.

Apart from India, Apple has also sued the Israeli firm after having patched its security exploit. The company was also banned in the United States after the details of the spyware were revealed. Let’s take a look at how this advanced snooping technology discretely worked on iPhones.

How Pegasus hacked iPhones

According to the Project Zero blog, a sample of the ForcedEntry exploit was worked upon by the team and Apple’s Security Engineering and Architecture (SEAR) group. Pegasus attacks on iPhones were possible due to the ForcedEntry exploit.

Best iPhone in 2021: Which model is right for you? | ZDNet

Pegasus is a spyware (Trojan/Script) that can be installed remotely on devices running on Apple ‘ s iOS & Google ‘ s Android operating systems. It is developed and marketed by the Israeli technology firm NSO Group. NSO Group sells Pegasus to ” vetted governments ” for ” lawful interception ” , which is understood to mean combating terrorism and organized crime, as the firm claims, but suspicions exist that it is availed for other purposes. Pegasus is a modular malware that can initiate total surveillance on the targeted device, as per a report by digital security company Kaspersky. It installs the necessary modules to read the user’s messages and mail, listen to calls, send back the browser history and more, which basically means taking control of nearly all aspects of your digital life. It can even listen in to encrypted audio and text files on your device that makes all the data on your device up for grabs.

Tags: A Privacy Killer, hacked iphone, NSO Group, Pegasus spyware


Nov 17 2021

Hackers Compromised Middle East Eye News Website to Hack Visitors, Researchers Say

Category: Cyber Spy,Information Security,SpywareDISC @ 12:11 am

Cybersecurity researchers tracked a hacking campaign spanning more than a year that hit around 20 websites – Israeli spyware vendor Candiru, recently blacklisted by the US, waged “watering hole” attacks on UK and Middle East websites critical of Saudi Arabia and others 

A group of hackers compromised a popular London-based news website that focuses on the Middle East with the goal of hacking its visitors, according to researchers. 

IMAGE: JUSTIN SETTERFIELD/GETTY IMAGES

On Tuesday, cybersecurity firm ESET published a report detailing the hacking campaign, which spanned from March 2020 until August of this year. During this time, according to the report, hackers compromised around 20 websites, including Middle East Eye, a popular independent news site that covers the Middle East and Africa and is based in the UK. 

The hackers compromised these websites in what are technically known as watering hole attacks, a type of cyberattack where hackers use legitimate websites to target people who visit them. In this case, the hackers did not target all visitors of the websites, but only specific ones, according to ESET.

“We were never able to get the final payload. So it shows that attackers are very careful in the selection of the targets,” Matthieu Faou, a researcher at ESET, told Motherboard in a phone call. 

Because the researchers could not retrieve the malware, “we don’t know who are the final targets,” Faou said. 

ESET researchers explained in the report that the hackers also compromised several government websites in Iran, Syria, and Yemen, as well as the sites of an Italian aerospace company and a South African government owned defense conglomerate—all websites with links to the Middle East. The hackers, according to ESET, may have been customers of the Israeli spyware vendor Candiru, a company that was recently put on a denylist by the US Government. 

Candiru is one of the most mysterious spyware providers out there. The company has no website, and it has allegedly changed names several times. Candiru offers “high-end cyber intelligence platform dedicated to infiltrate PC computers, networks, mobile handsets,” according to a document seen by Haaretz. The Israeli newspaper was the first one to report Candiru’s existence in 2019. Since then, several cybersecurity companies and groups such as Kaspersky Lab, Microsoft, Google, and Citizen Lab, have tracked its malware.  

7 Steps to Removing Spyware by Nick Laughter


Oct 26 2021

New York Times Journalist Hacked with NSO Spyware

Category: SpywareDISC @ 2:06 pm

Spyware : It’s Not What You Think

Spyware

7 Steps to Removing Spyware

7 Steps to Removing Spyware by Nick Laughter

Tags: cyberweapons, Hacking, Israel, NSO Spyware, Spyware


Sep 23 2021

How to protect the corporate network from spyware

Category: Cyber Spy,SpywareDISC @ 1:55 pm

There are a range of security policies for dealing with users’ smartphones, from the most restrictive approach – no smartphone access allowed – to an open approach that allows personal phones to connect to the internal corporate network. We suggest that the right solution is somewhere in between.

You may have read about the Pegasus spyware in the news; the NSO Group’s software exploits flaws in iOS (iPhones) to gain access to data on an unsuspecting target’s phone. NSO sells Pegasus to governments, ostensibly to track criminals, but it’s often used by repressive regimes to spy on their opponents, political figures, and activists.

In the past, Pegasus infections were primarily achieved by sending a link to the victim’s phone; when the target clicked on it, they would trigger an exploit that would allow attackers to gain root access to the phone. Once the spyware obtains root access, it can read messages on apps like iMessage, WhatsApp, Telegram, Gmail and others. A sophisticated command and control network can report back to the operator and control the phone as well.

Reducing the risk

What Is Pegasus? All About the Infamous Software (Infographic)

anti-spyware A Complete Guide

How To Protect Yourself From Adware Or Spyware

Tags: anti-spyware, Pegasus spyware, Spyware and Adware


Aug 04 2021

Paragon: Yet Another Cyberweapons Arms Manufacturer

Category: Cyberweapons,SpywareDISC @ 4:35 pm

Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted.

Tags: Paragon


Aug 03 2021

BazarCaller – the malware gang that talks you into infecting yourself

Category: Malware,Security Awareness,SpywareDISC @ 10:29 am

You’re almost certainly familiar with vishing, a phone-based scam in which cybercriminals leave messages on your voicemail in the hope that you’ll call them back later to find out what’s going on.

In fact, if you have a long-standing phone number, like we do, you may well get more of these scam calls (perhaps even many more of them) than genuine calls, so you’ll know the sort of angle they take, which often goes along these lines:

[Synthetic voice] Your Amazon Prime subscription will auto-renew. Your card will be billed for [several tens of dollars]. To cancel your subscription or to discuss this renewal, press 1 now.

Sometimes, they’ll read out the number to call them back on, to re-iterate not only that it matches the number that shows up in your call history, but also that it’s a local number, right there in your own town or country.

The crooks do this to “prove” that caller is local too, rather than sitting overseas in some scammy boiler-room call centre, far from the reach of law enforcement and the regulators in your part of the world.

BazarCaller – the malware gang that talks you into infecting yourself

Scam Me If You Can

Tags: BazarCaller, Scam Me If You Can, Spam


Aug 02 2021

Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.

Category: Cyber Spy,SpywareDISC @ 10:27 am
Image: Alya Alhwait, Alaa Al-Siddiq, Ghada Oueiss, Loujain Al-Hathloul

Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.

‘I will not be silenced’: Women targeted in hack-and-leak attacks speak out about spyware

Ghada Oueiss, a Lebanese broadcast journalist at Al-Jazeera, was eating dinner at home with her husband last June when she received a message from a colleague telling her to check Twitter. Oueiss opened up the account and was horrified: A private photo taken when she was wearing a bikini in a jacuzzi was being circulated by a network of accounts, accompanied by false claims that the photos were taken at her boss’s house.

Over the next few days she was barraged with thousands of tweets and direct messages attacking her credibility as a journalist, describing her as a prostitute or telling her she was ugly and old. Many of the messages came from accounts that appeared to support Saudi Crown Prince Mohammed bin Salman Al Saud, known as MBS, including some verified accounts belonging to government officials.

“I immediately knew that my phone had been hacked,” said Oueiss, who believes she was targeted in an effort to silence her critical reporting on the Saudi regime. “Those photos were not published anywhere. They were only on my phone.”

“I am used to being harassed online. But this was different,” she added. “It was as if someone had entered my home, my bedroom, my bathroom. I felt so unsafe and traumatized.”

Source: Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.

You Are Being Targeted – How to Keep Yourself Safe in a Connected World! (Survival and Security Series Book 1) by [Harvey Toogood]

Privacy

Tags: journalists targeted, Pegasus spyware, private photos shared on social media by governments, Spyware


Jul 31 2021

WhatsApp chief says government officials, US allies targeted by Pegasus spyware

Category: SpywareDISC @ 1:52 pm
What is Pegasus spyware and how does it hack phones? | Surveillance | The  Guardian

Source: The officials were allegedly targeted in attacks dating back to 2019.

Speaking to The Guardian, WhatsApp’s chief executive, Will Cathcart, said there are “parallels” between the 2019 attacks and a recent data leak allegedly implicating NSO Group clients in widespread cybersurveillance.

Israeli vendor NSO Group has experienced bad press in recent weeks due to a damning report issued by Forbidden Stories, Amnesty International, and various media outlets worldwide.

Forbidden Stories claimed that a leaked list of over 50,000 phone numbers allegedly revealed individuals either “of interest” or selected for targeting by clients. According to the non-profit’s Pegasus project, while an appearance on the list does not mean that someone was targeted or compromised by Pegasus, infection by the firm’s spyware was confirmed in “dozens” of cases. 

Pegasus spyware has capabilities including remote access, both email and browser monitoring, location checks, information exfiltration, call recording, and the extraction of conversations across messaging applications including WhatsApp and Facebook. 

NSO Group markets its products for use in criminal and terrorism-related investigations.

Alongside the alleged targeting of government officials, journalists, diplomats, political dissidents, lawyers, and activists were reportedly included in the leak. 

Tags: Pegasus spyware


Jul 22 2021

XLoader, a $49 spyware that could target both Windows and macOS devices

Category: Information Security,SpywareDISC @ 10:30 am

Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs.

XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. 

FormBook is a data-stealing malware that is used in cyber espionage campaigns, like other spyware it is capable of extracting data from HTTP sessions, keystroke logging, stealing clipboard contents. FormBook can also receive commands from a command-and-control (C2) server to perform many malicious activities, such as downloading more payloads. FormBook was offered for sale in the criminal underground since July, it goes for $29 a week up to a $299 full-package “pro” deal. The customers pay for access to the platform and generate their executable files as a service.

The malware was pulled from sale in 2017, but it continued to infect systems across the world. In March 2020, MalwareHunterTeam uncovered a Coronavirus (COVID-19)-themed campaign that was distributing a malware downloader that delivers the FormBook information-stealing Trojan.

CPR team has now monitored XLoader since it first appeared in the threat landscape in February. XLoader borrows the code base with Formbook, but it also included major improvements, such as the capability of compromising macOS systems.

“On February 6, 2020 a new era began: the era of the Formbook successor called XLoader. On this day, XLoader was advertised for sale in one of the underground groups.” states the report published by CheckPoint. “On October 20, 2020, XLoader was offered for sale on the same forum which was used for selling Formbook.”

XLoader, a $49 spyware that could target both Windows and macOS devices

Tags: Spyware, XLoader


Jul 21 2021

Defending Against Pervasive Spyware

Category: SpywareDISC @ 10:42 am

The revelation that Israeli company NSO Group’s spy software Pegasus was targeting the smartphones of activists, journalists and business executives sent a shockwave through the international press.

The spyware successfully infiltrated the mobile devices of more than 50,000 people, from Mexican president AndrĂ©s Manuel LĂłpez Obrador to reporters from CNN to Claude Mangin, the French wife of a political activist jailed in Morocco.

Simply put: if spyware can infect and infiltrate the world’s elite on every corner of the planet, that means the threat to organizations and individuals must be taken seriously. Spyware impacts everyone.

Moreover, in today’s work-from-anywhere world, mobile devices are critical to any job, and the ability to access email, customer information and proprietary data while on the go is non-negotiable.

Mobile Devices are Mission-Critical

Because of the wealth of data that can be accessed from a mobile device, companies must treat these devices as mission-critical to business continuity.

This means having control and visibility into what is happening on a mobile device, so they can prevent spyware attacks from compromising critical data.

Shawn Smith, director of infrastructure at application security provider nVisium, pointed out that the transition to a remote work style has changed the attack vector for spyware slightly.

“For example, in the past, all the networking gear in an office would be tightly controlled, monitored and patched for security issues as needed,” he said. “However, in a world where employees can work from anywhere, their home networking equipment becomes a new security issue.”

Smith said with such a wide variety of equipment that can be used, often in an unmaintained and unsecured state, this makes the issue of spyware much harder to defend against.

“You have to double your efforts on the security and encryption of the devices you can control, such as the employee’s corporate computer, and rely less on the network monitoring approach that was used in the past,” he said.

Tags: Pervasive Spyware


« Previous Page