Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Spyware. Show all posts
WhatsApp
AI Backdoor Data Encryption Pegasus Spyware Technology WhatsApp

Frances Proposes Law Requiring Tech Companies to Provide Encrypted Data


Law demanding companies to provide encrypted data

New proposals in the French Parliament will mandate tech companies to give decrypted messages, email. If businesses don’t comply, heavy fines will be imposed.

France has proposed a law requiring end-to-end encryption messaging apps like WhatsApp and Signal, and encrypted email services like Proton Mail to give law enforcement agencies access to decrypted data on demand. 

The move comes after France’s proposed “Narcotraffic” bill, asking tech companies to hand over encrypted chats of suspected criminals within 72 hours. 

The law has stirred debates in the tech community and civil society groups because it may lead to building of “backdoors” in encrypted devices that can be abused by threat actors and state-sponsored criminals.

Individuals failing to comply will face fines of €1.5m and companies may lose up to 2% of their annual world turnover in case they are not able to hand over encrypted communications to the government.

Criminals will exploit backdoors

Few experts believe it is not possible to bring backdoors into encrypted communications without weakening their security. 

According to Computer Weekly’s report, Matthias Pfau, CEO of Tuta Mail, a German encrypted mail provider, said, “A backdoor for the good guys only is a dangerous illusion. Weakening encryption for law enforcement inevitably creates vulnerabilities that can – and will – be exploited by cyber criminals and hostile foreign actors. This law would not just target criminals, it would destroy security for everyone.”

Researchers stress that the French proposals aren’t technically sound without “fundamentally weakening the security of messaging and email services.” Similar to the “Online Safety Act” in the UK, the proposed French law exposes a serious misunderstanding of the practical achievements with end-to-end encrypted systems. Experts believe “there are no safe backdoors into encrypted services.”

Use of spyware may be allowed

The law will allow using infamous spywares such as NSO Group’s Pegasus or Pragon that will enable officials to remotely surveil devices. “Tuta Mail has warned that if the proposals are passed, it would put France in conflict with European Union laws, and German IT security laws, including the IT Security Act and Germany’s Telecommunications Act (TKG) which require companies to secure their customer’s data,” reports Computer Weekly.

Read more »
zero click
Cyber Attacks Paragon Solutions Spyware WhatsApp zero click

WhatsApp Alerts Users About a Dangerous Zero-Click Spyware Attack

 


WhatsApp has warned users about a highly advanced hacking attack that infected nearly 90 people across 24 countries. Unlike traditional cyberattacks that rely on tricking victims into clicking malicious links, this attack used zero-click spyware, meaning the targets were hacked without taking any action.  


What Happened?

Hackers exploited a security vulnerability in WhatsApp to send malicious documents to the victims’ devices. These documents contained spyware that could take control of the phone without the user clicking or opening anything.  

According to reports, the attack was linked to Paragon Solutions, an Israeli company that develops spyware for government agencies. While governments claim such tools help in law enforcement and national security, they have also been misused to spy on journalists, activists, and members of civil society.  


Who Was Targeted?

The specific names of the victims have not been disclosed, but reports confirm that journalists and human rights advocates were among those affected. Many of them were based in European nations, but the attack spread across multiple regions.  

WhatsApp acted quickly to disrupt the attack and alerted the affected users. It also referred them to Citizen Lab, a cybersecurity research group that investigates digital threats.  


What is a Zero-Click Attack?  

A zero-click attack is a form of cyberattack where hackers do not need the victim to click, open, or download anything. Instead, the attack exploits weaknesses in apps or operating systems, allowing spyware to be installed silently.  

Unlike phishing attacks that trick users into clicking harmful links, zero-click attacks bypass user interaction completely, making them much harder to detect or prevent.  


How Dangerous Is This Spyware? 

Once installed, the spyware can:  

1. Access private messages, calls, and photos  

2. Monitor activities and track location  

3. Activate the microphone or camera to record conversations  

4. Steal sensitive personal data

Cybersecurity experts warn that such spyware can be used for mass surveillance, threatening privacy and security worldwide.  


Who is Behind the Attack?  

WhatsApp has linked the spyware to Paragon Solutions, but has not revealed how this conclusion was reached. Authorities and cybersecurity professionals are now investigating further.  


How to Stay Safe from Spyware Attacks

While zero-click attacks are difficult to prevent, you can reduce the risk by:  

1. Keeping Your Apps Updated – Always update WhatsApp and your phone’s operating system to patch security flaws.  

2. Enabling Two-Factor Authentication (2FA) – This adds an extra layer of security to your account.  

3. Being Cautious with Unknown Messages – While this attack required no interaction, remaining alert can help protect against similar threats.  

4. Using Encrypted and Secure Apps – Apps with end-to-end encryption, like WhatsApp and Signal, make it harder for hackers to steal data.  

5. Monitoring Unusual Phone Activity – If your phone suddenly slows down, heats up, or experiences rapid battery drain, it may be infected. Run a security scan immediately.  

This WhatsApp attack is a reflection of the growing threats posed by spyware. As hacking methods become more advanced and harder to detect, users must take steps to protect their digital privacy. WhatsApp’s quick response limited the damage, but the incident highlights the urgent need for stronger cybersecurity measures to prevent such attacks in the future.


Read more »
Spyware Attack
Cyber Attacks Hacking WhatsApp Israeli Firm Israeli spyware Malicious Software Spyware Spyware Attack

WhatsApp Uncovers Zero-Click Spyware Attack Linked to Israeli Firm Paragon

 

WhatsApp has uncovered a stealthy spyware attack attributed to Israeli firm Paragon, targeting nearly 100 users worldwide, including journalists and civil society members. This zero-click attack required no user interaction, making it particularly dangerous as it could infiltrate devices without victims clicking on links or downloading attachments. 

A WhatsApp spokesperson confirmed that the company successfully identified and blocked the exploit, directly notifying those affected. The investigation, supported by cybersecurity research group Citizen Lab, revealed that the spyware could extract private messages, access call logs, view photos, and even activate the device’s microphone and camera remotely. John Scott-Railton, a senior researcher at Citizen Lab, highlighted the broader risks associated with such surveillance tools. He stressed the need for greater accountability within the spyware industry, warning that unchecked surveillance capabilities pose serious threats to personal privacy and digital security. 

Italian media outlet Fanpage.io first reported the breach, revealing that its director, Francesco Cancellato, was among the targeted individuals. WhatsApp informed him that malicious software might have compromised his device, potentially granting unauthorized access to sensitive data. In response, Cancellato and a team of independent analysts are examining the extent of the breach and working to determine who orchestrated the espionage. Paragon, which has positioned itself as a more ethical alternative to controversial spyware vendors like NSO Group, now faces increased scrutiny. 

The company had been seeking entry into the U.S. market but encountered regulatory hurdles after concerns arose over national security risks and human rights implications. The Biden administration’s executive order on commercial spyware, designed to curb the spread of digital surveillance tools, contributed to the suspension of a key contract for Paragon. Cybersecurity experts caution that even democratic governments have misused surveillance technology when regulatory oversight is inadequate. 

The exposure of Paragon’s spyware campaign raises questions about the potential for abuse, especially in the hands of entities operating with minimal transparency. Experts argue that unless stringent policies are enforced, spyware firms will continue to develop and distribute invasive surveillance tools without accountability. Paragon has yet to respond to the allegations, but the revelations about its activities are likely to fuel ongoing debates over the ethics of commercial spyware. 

This case underscores the urgent need for stronger global regulations to prevent the misuse of surveillance technologies and protect individuals from unauthorized digital intrusions.
Read more »
WhatsApp
New Media Privacy Social Media Spyware surveillance WhatsApp

WhatsApp Says Spyware Company Paragon Hacked 90 Users

WhatsApp Says Spyware Company Paragon Hacked 90 Users

Attempts to censor opposition voices are not new. Since the advent of new media, few Governments and nations have used spyware to keep tabs on the public, and sometimes target individuals that the government considers a threat. All this is done under the guise of national security, but in a few cases, it is aimed to suppress opposition and is a breach of privacy. 

Zero-click Spyware for WhatsApp

One such interesting incident is the recent WhatsApp “zero-click” hacking incident. In a conversation with Reuters, a WhatsApp official disclosed that Israeli spyware company Paragon Solutions was targeting its users, victims include journalists and civil society members. Earlier this week, the official told Reuters that Whatsapp had sent Paragon a cease-and-desist notice after the surveillance hack. In its official statement, WhatsApp stressed it will “continue to protect people's ability to communicate privately."

Paragon refused to comment

According to Reuters, WhatsApp had noticed an attempt to hack around 90 users. The official didn’t disclose the identity of the targets but hinted that the victims belonged to more than a dozen countries, mostly from Europe. WhatsApp users were sent infected files that didn’t require any user interaction to hack their targets, the technique is called the “zero-click” hack, known for its stealth 

“The official said WhatsApp had since disrupted the hacking effort and was referring targets to Canadian internet watchdog group Citizen Lab,” Reuter reports. He didn’t discuss how it was decided that Paragon was the culprit but added that law enforcement agencies and industry partners had been notified, and didn’t give any further details.

FBI didn’t respond immediately

“The FBI did not immediately return a message seeking comment,” Reuter said. Citizen Lab researcher John Scott-Railton said the finding of Paragon spyware attacking WhatsApp is a “reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Citizen Lab researcher John Scott-Railton said the discovery of Paragon spyware targeting WhatsApp users "is a reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Ethical implications concerning spying software

Spyware businesses like Paragaon trade advanced surveillance software to government clients, and project their services as “critical to fighting crime and protecting national security,” Reuter mentions. However, history suggests that such surveillance tools have largely been used for spying, and in this case- journalists, activists, opposition politicians, and around 50 U.S officials. This raises questions about the lawless use of technology.

Paragon - which was reportedly acquired by Florida-based investment group AE Industrial Partners last month - has tried to position itself publicly as one of the industry's more responsible players. On its website, Paragon advertises the software as “ethically based tools, teams, and insights to disrupt intractable threats” On its website, and media reports mentioning people acquainted with the company “say Paragon only sells to governments in stable democratic countries,” Reuter mentions.

Read more »
Spyware
Amazon App Store Android BMI Calculator malware Spyware

Hackers are Employing Amazon Appstore to Propagate Malware

 

'BMI CalculationVsn' is a malicious Android spyware app that was identified on the Amazon Appstore. It poses as a simple health tool while covertly harvesting data from compromised devices. 

Cybersecurity researchers from McAfee Labs discovered the app and notified Amazon, which resulted in the app being taken down from the app store. To get rid of any remaining traces, those who installed the app must manually uninstall it and run an extensive scan.

Amazon Appstore is a third-party Android software store that is pre-installed on Amazon Fire tablets and Fire TV devices. It also serves as a substitute to Google Play for Android device owners who can't or don't want to use Google's platform, and it even includes exclusive Amazon Prime games and entertainment. The BMI CalculationVsn spyware program, released by 'PT Visionet Data Internasional,' is marketed as a simple body mass index (BMI) calculator. 

Modus operandi

The user is greeted by an easy-to-use interface when they launch the compromised app, which offers the advertised features, such as calculating their BMI. However, there are other malicious activities going on in the background.

When the user taps the 'Calculate' button, the app first starts a screen recording service that asks for the required approval. This can be misleading and mislead users into giving their permission without thinking. 

McAfee claims that although the footage is locally stored in an MP4 file, it was not uploaded to the command and control (C2) server. This is probably because the app is still in the early stages of testing. 

The researchers' further investigation into the app's release history revealed that it was originally made available in the wild on October 8. By the end of the month, it changed the certificate information, added new malicious functions, and modified its icon. 

In order to help the attackers plan their next move, the app's second malicious operation is to scan the device and retrieve all installed applications. Finally, the spyware intercepts and gathers SMS messages, including verification codes and one-time passwords (OTPs), that are received and stored on the device.

Given that malicious apps can still escape through code review cracks in respectable and generally trustworthy stores like the Amazon Appstore, Android users should only install apps from reputable publishers. 

It is also advisable to review requested permissions and revoke problematic ones after installation. Google Play Protect can detect and block known malware detected by App Security Alliance partners such as McAfee, thus having it enabled on Android devices is critical.
Read more »
Zero-day Flaw
Android Spyware cyber espionage Cyber Security Israeli Firm NoviSpy Spyware Zero-day Flaw

Novel Android NoviSpy Spyware Linked to Qualcomm Zero-Day Flaws

 

Amnesty International researchers discovered an Android zero-day bug that was exploited to silently disseminate custom surveillance spyware targeting Serbian journalists. The probe has traced the technology to Cellebrite, an Israeli forensics vendor.

In a technical report published earlier this week, the human rights group outlined how Serbia's Security Information Agency (BIA) and police employed Cellebrite's forensic extraction tools and a newly uncovered spyware dubbed 'NoviSpy' to infect journalists' and activists' devices. In one instance, a journalist's phone was allegedly hacked during a police traffic check, with the Cellebrite tool facilitating the infection. 

Amnesty International warned that Serbia's legal restrictions on the use of mobile forensic tools are inadequate and that "the ability to download, in effect, an individual's entire digital life using Cellebrite UFED and similar mobile forensic tools, poses enormous human rights risks, if such tools are not subject to strict control and oversight.” 

The report details the example of journalist SlaviÅ¡a Milanov, whose Xiaomi Redmi Note 10S smartphone was hacked after a police confrontation in Serbia. Forensic investigation suggested the usage of a zero-day Android exploit to overcome encryption and unlock the device, allowing NoviSpy to be installed. 

According to the group, the privilege escalation zero-day, which was patched in the Qualcomm October security update, affected Android devices with popular Qualcomm chipsets and millions of Android smartphones globally. 

In another case, Amnesty International discovered an Android smartphone belonging to an environmental activist logging a series of missed calls including invalid, seemingly random numbers that are not acceptable in Serbia.

"After these calls, [the activist said] that the battery on his device drained quickly.” The researchers inspected the device and discovered no trace of manipulation, but they warned that there is a substantial "knowledge gap" regarding zero-click assaults on Android smartphones. 

Amnesty International acknowledged Cellebrite's claim that it has strict protocols to prevent product misuse, but cautioned that this revelation "provides clear evidence of a journalist's phone being targeted without any form of due process." 

Unfortunately, Amnesty International discovered signs of the previously undisclosed NoviSpy spyware, which allows for the capture of sensitive personal data from a target's phone after infection and the ability to remotely activate the phone's microphone or camera. 

“Forensic evidence indicates that the spyware was installed while the Serbian police were in possession of SlaviÅ¡a’s device, and the infection was dependent on the use of Cellebrite to unlock the device. Two forms of highly invasive technologies were used in combination to target the device of an independent journalist, leaving almost his entire digital life open to the Serbian authorities,” the human rights group stated.
Read more »
spyware and malware
Cyber Attacks cybercriminals data security Data Theft NCC Group Ransomware attack Ransomwares Spyware spyware and malware

Ymir Ransomware: A Rising Threat in the Cybersecurity Landscape

 

The evolving threat landscape continues to present new challenges, with NCC Group’s latest Threat Pulse report uncovering the emergence of Ymir ransomware. This new ransomware strain showcases the growing collaboration among cybercriminals to execute highly sophisticated attacks.

First documented during the summer of 2024, Ymir initiates its attack cycle by deploying RustyStealer, an infostealer designed to extract credentials and serve as a spyware dropper. Ymir then enters its locker phase, executing swiftly to avoid detection. According to an analysis by Kaspersky, based on an attack in Colombia, Ymir’s ransomware locker employs a configurable, victim-tailored approach, focusing on a single-extortion model, where data is encrypted but not stolen.

Unlike many modern ransomware groups, Ymir’s operators lack a dedicated leak site for stolen data, further distinguishing them. Linguistic analysis of the code revealed Lingala language strings, suggesting a possible connection to Central Africa. However, experts remain divided on whether Ymir operates independently or collaborates with other threat actors.

Blurred Lines Between Criminal and State-Sponsored Activities

Matt Hull, NCC Group’s Head of Threat Intelligence, emphasized the challenges of attribution in modern cybercrime, noting that blurred lines between criminal groups and state-sponsored actors often complicate motivations. Geopolitical tensions are a driving factor behind these dynamic threat patterns, as highlighted by the UK’s National Cyber Security Centre (NCSC).

Ransomware Trends and Global Incidents

Recent incidents exemplify this evolving threat landscape:

  • The KillSec hacktivist group transitioned into ransomware operations.
  • Ukraine’s Cyber Anarchy Squad launched destructive attacks targeting Russian organizations.
  • North Korea’s Jumpy Pisces APT collaborated with the Play ransomware gang.
  • The Turk Hack Team attacked Philippine organizations using leaked LockBit 3.0 lockers.

NCC Group’s report indicates a 16% rise in ransomware incidents in November 2024, with 565 attacks recorded. The industrial sector remains the most targeted, followed by consumer discretionary and IT. Geographically, Europe and North America experienced the highest number of incidents. Akira ransomware overtook RansomHub as the most active group during this period.

State-Backed Threats and Infrastructure Risks

State-backed cyber groups continue to escalate their operations:

  • Sandworm, a Russian APT recently reclassified as APT44, has intensified attacks on Ukrainian and European energy infrastructure.
  • As winter deepens, threats to critical national infrastructure (CNI) heighten global concerns.

Ransomware is evolving into a multipurpose tool, used by hacktivists to fund operations or to obfuscate advanced persistent threats (APTs). With its trajectory pointing to continued growth and sophistication in 2025, heightened vigilance and proactive measures will be essential to mitigate these risks.

Read more »
Technology
iVerify Pegasus Security Tool Spyware Technology

Novel iVerify Tool Detects Widespread Use of Pegasus Spyware

 


iVerify's mobile device security tool, launched in May, has identified seven cases of Pegasus spyware in its first 2,500 scans. This milestone brings spyware detection closer to everyday users, underscoring the escalating threat of commercial spyware. 

How the Tool Works 

iVerify’s Mobile Threat Hunting uses advanced detection methods, including:
  • Malware Signature Detection: Matches known spyware patterns.
  • Heuristics: Identifies abnormal behavior indicative of infections.
  • Machine Learning: Analyzes patterns to detect potential threats.
The service is offered to paying customers, with a free version available via the iVerify Basics app for a nominal fee. Users can run monthly scans, generating diagnostic files for expert evaluation. 
  
Spyware’s Broadening Scope 
 
The detected infections reveal Pegasus spyware targets beyond traditional assumptions: Victims include business leaders, government officials, and commercial enterprise operators.

The findings suggest spyware usage is more pervasive than previously believed.

Rocky Cole, iVerify’s COO and former NSA analyst, stated, "The people who were targeted were not just journalists and activists, but business leaders, people running commercial enterprises, and people in government positions."

Detection and Challenges iVerify’s tool identifies infection indicators such as:
  • Diagnostic data anomalies.
  • Crash logs.
  • Shutdown patterns linked to spyware activity.
These methods have proven crucial in detecting Pegasus spyware on high-profile targets like political activists and campaign officials. Despite challenges such as improving mobile monitoring accuracy and reducing false positives, the tool's efficacy marks a significant advancement. 
  
Implications for Mobile Security 
 
The success of iVerify’s tool signifies a shift in mobile security perceptions: Mobile devices like iPhones and Android phones are no longer considered relatively secure from spyware attacks.

Commercial spyware’s increasing prevalence necessitates more sophisticated detection tools.

iVerify’s Mobile Threat Hunting tool exemplifies this evolution, offering a powerful resource in the fight against spyware and promoting proactive device security in an increasingly complex threat landscape.
Read more »
Subscribe to: Posts (Atom)