
Investigation Exposes Covert Israeli Spyware Infecting Targets through Advertisements

 

Insanet, an Israeli software company, has reportedly developed a commercial product named Sherlock, capable of infiltrating devices through online advertisements to conduct surveillance on targets and gather data for its clients. 

This revelation comes from an investigation by Haaretz, which disclosed that the spyware system was sold to a non-democratic country. This marks the first public disclosure of Insanet and its surveillance software. Sherlock is capable of infiltrating devices running Microsoft Windows, Google Android, and Apple iOS, as per the provided marketing information.

According to journalist Omer Benjakob's findings, this is the first instance worldwide where a system of this nature is marketed as a technology rather than a service. Insanet obtained approval from Israel's Defense Ministry to globally market Sherlock as a military product, subject to stringent restrictions, including sales exclusively to Western nations. Even presenting it to potential clients in the West requires specific authorization from the Defense Ministry, which is not always granted.

Founded in 2019, Insanet is owned by individuals with backgrounds in the military and national defense. Its founders include Dani Arditi, former chief of Israel's National Security Council, and cyber entrepreneurs Ariel Eisen and Roy Lemkin. Despite attempts to reach out, Arditi and Lemkin did not respond to inquiries, and Eisen could not be reached for comment.

Insanet affirmed its adherence to Israeli law and strict regulatory guidelines. In marketing its surveillance software, Insanet collaborated with Candiru, an Israel-based spyware manufacturer previously sanctioned in the US. The combined offering includes Sherlock and Candiru's spyware, with the former priced at six million euros ($6.7 million, £5.2 million) for a client.

The Haaretz report cited a Candiru marketing document from 2019, confirming Sherlock's capability to breach Windows-based computers, iPhones, and Android devices. Traditionally, different companies specialized in breaching distinct devices, but this system demonstrates the ability to effectively breach any device.

The Electronic Frontier Foundation's Director of Activism, Jason Kelley, expressed concern over Insanet's use of advertising technology to infect devices and surveil targets. Dodgy online ads not only serve as potential carriers for malware but can also be tailored to specific groups of people, making it particularly worrisome.

Sherlock stands out for leveraging legal data collection and digital advertising technologies, commonly favored by Big Tech and online media, for government-level espionage. This differs from other spyware like NSO Group's Pegasus or Cytrox's Predator and Alien, which tend to be more precisely targeted.

Mayuresh Dani, Qualys' threat research manager, likened the threat to malvertising, where a malicious ad is broadly distributed to unsuspecting users. In this case, however, it involves a two-stage attack: first profiling users using advertising intelligence (AdInt) and then delivering malicious payloads via advertisements, making unsuspecting users vulnerable to such attacks.

Researchers Found Custom Backdoors and Spying Tools Used by Polonium Hackers

 

Since September 2021, a threat actor identified as Polonium has been linked to over a dozen highly targeted attacks on Israeli entities using seven different custom backdoors.

According to cybersecurity firm ESET, the intrusions targeted organisations in a variety of industries, including engineering, information technology, law, communications, branding and marketing, media, insurance, and social services. Microsoft gave the chemical element-themed moniker Polonium to a sophisticated operational group believed to be based in Lebanon and known to focus exclusively on Israeli targets.

The group's activities were first revealed in June when Microsoft announced the suspension of more than 20 malicious OneDrive accounts created by the adversary for command-and-control (C2) purposes.

The use of implants dubbed CreepyDrive and CreepyBox for their potential to exfiltrate sensitive data to actor-controlled OneDrive and Dropbox accounts has been central to the attacks. CreepySnail, a PowerShell backdoor, has also been deployed. ESET's latest discovery of five previously unknown backdoors highlights an active espionage-oriented threat actor that is constantly refining and retooling its malware arsenal.

ESET researcher Matías Porolli said, "The numerous versions and changes Polonium introduced into its custom tools show a continuous and long-term effort to spy on the group's targets. The group doesn't seem to engage in any sabotage or ransomware actions."

The list of bespoke hacking tools is as follows:
  • CreepyDrive/CreepyBox - A PowerShell backdoor that reads and executes commands from a text file stored on OneDrive or Dropbox.
  • CreepySnail - A PowerShell backdoor that receives commands from the attacker's own C2 server.
  • DeepCreep - A C# backdoor that reads commands from a text file stored in Dropbox accounts and exfiltrates data.
  • MegaCreep - A C# backdoor that reads commands from a text file stored in the Mega cloud storage service.
  • FlipCreep - A C# backdoor that reads commands from a text file stored on an FTP server and exfiltrates data.
  • TechnoCreep - A C# backdoor that communicates with the C2 server via TCP sockets to execute commands and exfiltrate data.
  • PapaCreep - A C++ backdoor that can receive and execute commands from a remote server via TCP sockets.
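As an added example for defenders (not code from ESET or from the Polonium report), the following Python snippet shows one way to hunt in web proxy logs for the cloud-storage command channel described in the list above: a backdoor that repeatedly fetches a command file from OneDrive, Dropbox or Mega is normally timer-driven, so the gaps between its requests are far more regular than a person's. The log format, the sample log lines, the workstation names and the assumption of fixed-interval polling are all constructed for this illustration; the report itself does not state a polling interval.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log lines (not from the ESET report):
# "<ISO timestamp> <source host> <destination domain> <bytes>".
# ws-17 fetches the same OneDrive endpoint about once a minute, the way a
# backdoor polling a command file would; ws-22 is a person using Dropbox.
SAMPLE_LOG = """\
2022-09-01T10:00:00 ws-17 api.onedrive.com 512
2022-09-01T10:00:05 ws-22 content.dropboxapi.com 48211
2022-09-01T10:00:09 ws-22 content.dropboxapi.com 1902
2022-09-01T10:00:30 ws-05 www.example.com 7310
2022-09-01T10:01:01 ws-17 api.onedrive.com 508
2022-09-01T10:02:00 ws-17 api.onedrive.com 512
2022-09-01T10:03:02 ws-17 api.onedrive.com 510
2022-09-01T10:03:59 ws-17 api.onedrive.com 512
2022-09-01T10:05:00 ws-17 api.onedrive.com 509
2022-09-01T10:06:01 ws-17 api.onedrive.com 512
2022-09-01T10:07:00 ws-17 api.onedrive.com 511
2022-09-01T10:12:40 ws-22 content.dropboxapi.com 220415
2022-09-01T10:13:00 ws-22 content.dropboxapi.com 3011
2022-09-01T10:45:11 ws-22 content.dropboxapi.com 980
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

# Storage services named in the report. Substring matching on the domain is a
# simplification; a real deployment would use the providers' published hostnames.
CLOUD_MARKERS = ("onedrive", "dropbox", "mega.nz")


def parse_log(text):
    """Parse the constructed log lines into (timestamp, host, domain, bytes) tuples."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2),
                           m.group(3), int(m.group(4))))
    return events


def find_beacons(events, min_requests=5, max_cv=0.1):
    """Flag (host, domain) pairs whose request gaps are suspiciously regular.

    The coefficient of variation (stdev / mean) of the inter-request gaps is
    low for a timer-driven poll and high for a human's bursty, irregular use.
    """
    by_pair = defaultdict(list)
    for ts, host, domain, _ in events:
        if any(marker in domain for marker in CLOUD_MARKERS):
            by_pair[(host, domain)].append(ts)

    flagged = []
    for (host, domain), times in sorted(by_pair.items()):
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            flagged.append({"host": host, "domain": domain, "requests": len(times),
                            "mean_gap_s": round(mean_gap, 1), "cv": round(cv, 3)})
    return flagged


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['host']} -> {hit['domain']}: {hit['requests']} requests, "
              f"every ~{hit['mean_gap_s']}s (cv={hit['cv']})")
```

On the constructed log, only ws-17's once-a-minute fetches of the OneDrive endpoint are flagged; ws-22's Dropbox use has gaps ranging from seconds to half an hour and falls well outside the threshold. The thresholds are starting points to tune against your own baseline, and a flagged pair is a lead for investigation, not proof of compromise.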

PapaCreep, discovered in September 2022, is a modular malware with four distinct components designed to run commands, receive and send commands and their outputs, and upload and download files.

The Slovak cybersecurity firm also discovered several other modules responsible for keystroke logging, screenshot capture, webcam photography, and establishing a reverse shell on the compromised machine. Despite the abundance of malware used in the attacks, the initial access vector used to breach the networks is unknown at this time, though it is suspected that it involved the exploitation of VPN flaws.

Porolli concluded, "Most of the group's malicious modules are small, with limited functionality. They like to divide the code in their backdoors, distributing malicious functionality into various small DLLs, perhaps expecting that defenders or researchers will not observe the complete attack chain."

By Tampering with Pre-installed Apps on Samsung Devices, Hackers Can Spy on Users

 

Hackers can snoop on users by tampering with the apps that come pre-installed on Samsung devices.

Attackers could monitor users and potentially take control of the entire device. Alarmingly, these vulnerabilities appear to be part of a much larger set of exploitable flaws that a security researcher has been reporting to the technology giant's bug bounty program.

Samsung is working to patch several vulnerabilities affecting its smartphones that could be exploited to spy on users or take control of the device.

Sergey Toshin, founder of the mobile app security company Oversecured, has uncovered more than a dozen flaws affecting Samsung devices since the beginning of the year.

Details on three of them are currently scarce because of the notable risk they pose to users. Without going into particulars, Toshin said the least pressing of these issues would allow attackers to steal SMS messages if they tricked the victim.

The other two are more serious: exploiting them requires no action from the device owner, and an attacker could use them to read and/or write arbitrary files with elevated permissions.

It is unclear when the fixes will reach consumers, since the process generally takes about two months to ensure that a patch does not introduce other problems.

Toshin reported all three security vulnerabilities responsibly, and the bounties for them are pending.

Since the beginning of the year the researcher has earned about $30,000 from Samsung alone for disclosing 14 vulnerabilities, while three more await a patch. In a blog post, Toshin shares technical details and proof-of-concept instructions for seven of the issues that have already been patched, which brought in $20,690 in bounties.

For discovering and reporting to Samsung a flaw in the Settings app (CVE-2021-25393) that gave attackers arbitrary read/write access, Toshin won a hefty bounty of $5,460.

To mitigate potential security threats, users should install the latest firmware updates from their device manufacturer.

Toshin has identified over 550 vulnerabilities through HackerOne and several other bug bounty programs, earning more than US $1 million in bounties.

The Samsung Group is a South Korean multinational conglomerate headquartered in Samsung Town, Seoul. It comprises numerous affiliated businesses, most of them united under the Samsung brand, and it is the most prominent South Korean chaebol.

Hackers can now spy on your conversations via a simple house bulb


What if hackers could spy on and record your conversations without a digital device? What if your conversations could be retrieved through a simple, dumb, old-fashioned light bulb? Well, it might just be true.


Researchers from the Ben-Gurion University of the Negev and the Weizmann Institute of Science in Israel have been studying sound waves as a means of eavesdropping by examining the effect of these waves on objects, and they discovered a method of recovering conversations through an ordinary light bulb from as far as 25 meters away.

When we think of a privacy breach, it tends to involve Android devices, hacked accounts or, in some cases, devices like Alexa, Google Home or Siri, but these researchers don't even need to plant a device, much less implant malware. They just need a clear line of sight to a bulb from less than 25 meters away. Bizarre, isn't it?

They called this method "Lamphone", a side-channel attack for eavesdropping on sound. But it has some major limitations. First, it needs a clear view of the bulb; if the bulb is even slightly obscured by a curtain or a lampshade, the method won't work. Second, the light bulb in question must meet certain requirements regarding the thickness of its glass and its light output. Lastly, the quality of the recovered sound depends on how close the speakers are to the bulb and how loud their conversation is.

How does it work? 

Even with its drawbacks, there's no doubt Lamphone is an ingenious method for spying on conversations from afar. The researchers say they analyze the bulb's frequency response to sound via a remote electro-optical sensor attached to a telescope aimed at the bulb. The sensor picks up the tiny vibrations of the bulb's surface caused by the changes in air pressure that sound waves produce, and an analog-to-digital converter turns the resulting electrical signal into digital samples.

"We analyze a hanging bulb's response to sound via an electro-optical sensor and learn how to isolate the audio signal from the optical signal. Based on our analysis, we develop an algorithm to recover sound from the optical measurements obtained from the vibrations of a light bulb and captured by the electro-optical sensor", write the researchers.

Lamphone can be used to recover human speech (which can be identified by the Google Cloud Speech API) and singing (which can be identified by Shazam and SoundHound).
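As an added illustration (not code from the researchers or from this post), the following Python simulation models the signal chain the paragraph describes: a bright, nearly constant light level carrying a tiny sound-proportional vibration term plus sensor noise, from which the audio is isolated by stripping out the slow component. Everything in it is constructed: the 440 Hz tone standing in for speech, the sampling rate, the drift, the noise level and the vibration gain are assumptions, not measurements from the paper. It also shows why the last of the listed limitations holds: once the vibration term falls below the sensor noise, as with a quiet speaker far from the bulb, recovery collapses.

```python
import math
import random

SAMPLE_RATE = 8000   # Hz; assumed sampling rate of the analog-to-digital converter
DURATION = 0.5       # seconds of simulated capture
TONE_HZ = 440.0      # a pure tone stands in for speech in this constructed scenario


def sound_wave(n_samples, freq=TONE_HZ, rate=SAMPLE_RATE):
    """Constructed room sound: a single tone with amplitude 1."""
    return [math.sin(2 * math.pi * freq * i / rate) for i in range(n_samples)]


def optical_signal(sound, vibration_gain, noise_std, seed=1):
    """Simulated sensor output: a DC light level, a slow brightness drift,
    a tiny vibration-induced term proportional to the sound, and sensor noise."""
    rng = random.Random(seed)
    out = []
    for i, s in enumerate(sound):
        drift = 0.05 * math.sin(2 * math.pi * 2.0 * i / SAMPLE_RATE)  # 2 Hz wobble
        out.append(1.0 + drift + vibration_gain * s + rng.gauss(0.0, noise_std))
    return out


def remove_slow_component(signal, half_window=40):
    """Subtract a centred moving average (81 samples, about 10 ms): this drops
    the DC level and the slow drift while keeping the audio-band variation."""
    n = len(signal)
    prefix = [0.0]
    for v in signal:
        prefix.append(prefix[-1] + v)
    out = []
    for i in range(n):
        lo, hi = max(0, i - half_window), min(n, i + half_window + 1)
        out.append(signal[i] - (prefix[hi] - prefix[lo]) / (hi - lo))
    return out


def pearson(a, b):
    """Correlation between the recovered and the original sound (1.0 = perfect)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = math.sqrt(sum((x - ma) ** 2 for x in a))
    vb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return cov / (va * vb)


def recovery_quality(vibration_gain, noise_std):
    """Simulate capture and recovery; return how faithfully the audio came back."""
    sound = sound_wave(int(SAMPLE_RATE * DURATION))
    optical = optical_signal(sound, vibration_gain, noise_std)
    recovered = remove_slow_component(optical)
    return pearson(recovered, sound)


if __name__ == "__main__":
    # Loud speaker near the bulb: vibration term well above the sensor noise.
    print("near/loud :", round(recovery_quality(1e-3, 1e-4), 3))
    # Quiet speaker far from the bulb: vibration term buried in the noise.
    print("far/quiet :", round(recovery_quality(1e-5, 1e-4), 3))
```

The two runs at the bottom differ only in the size of the vibration term relative to the fixed sensor noise. The first recovers the tone almost perfectly; the second, where the term is a hundred times smaller, is barely distinguishable from noise. That ratio is what distance, loudness and the bulb's glass and light output determine in practice, which is why the researchers list them as limiting factors.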

1,600 Motel Guests Were Secretly Streamed Live






South Korea has arrested four men accused of live-streaming the "intimate private activities" of guests in 1,600 hotel rooms.

The men allegedly installed miniature cameras in TVs, hair-dryer holders and wall sockets to record the guests' private activities, which were then sold on online platforms for up to $6,200.

If the allegations are proven, they could face up to 10 years in jail and a 30m won ($26,571; £20,175) fine.

The men created a website in November, where they allowed users to pay for full videos or watch 30-second clips for free. They reportedly posted 803 videos and earned money from 97 paying members before the website was taken down.

"The police agency strictly deals with criminals who post and share illegal videos as they severely harm human dignity," a spokesman for the Seoul Metropolitan Police Agency told the local newspaper the Korea Herald.

The incident has sparked nationwide protests against the covert filming of sex and nudity, as the number of such incidents has increased manifold.

"There was a similar case in the past where illegal cameras were (secretly installed) and were consistently and secretly watched, but this is the first time the police caught where videos were broadcast live on the internet," police said.

Goa DGP calls Alexa a spy

Goa Director General of Police (DGP) Muktesh Chander, speaking at a cybersecurity seminar on Thursday, 21 February, warned people against excessive use of Amazon's artificial intelligence assistant Alexa, saying that such assistants act like spies and collect private information, The Indian Express reported.

“And what Alexa does. All the time it is listening. Everything. Every word you are saying, Alexa is listening and passing it on to Google. (Chander then corrects himself and says Amazon)."

Chander, who is also a cybersecurity expert, was delivering a keynote address at a seminar on ‘Cyber Security for Industry’ in Panaji.

“Sounds.pk… PK are Pakistani sites. Why are they giving sounds free of cost?” Chander said, adding that the songs.pk website promotes a “compromised Chinese-made browser” to glean information from a user’s phone. “Has anybody tried downloading this songs.pk? All of a sudden if you are trying on mobile, one thing is bound to come up… UC browser. Have you heard of that? Because UC browser is… a Chinese browser. It is collecting all the information. So there is a hidden agenda,” Chander said.