Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label ad-based infiltration. Show all posts

Investigation Exposes Covert Israeli Spyware Infecting Targets through Advertisements

 

Insanet, an Israeli software company, has reportedly developed a commercial product named Sherlock, capable of infiltrating devices through online advertisements to conduct surveillance on targets and gather data for its clients. 

This revelation comes from an investigation by Haaretz, which disclosed that the spyware system was sold to a non-democratic country. This marks the first public disclosure of Insanet and its surveillance software. Sherlock is capable of infiltrating devices running Microsoft Windows, Google Android, and Apple iOS, as per the provided marketing information.

According to journalist Omer Benjakob's findings, this is the first instance worldwide where a system of this nature is marketed as a technology rather than a service. Insanet obtained approval from Israel's Defense Ministry to globally market Sherlock as a military product, subject to stringent restrictions, including sales exclusively to Western nations. Even presenting it to potential clients in the West requires specific authorization from the Defense Ministry, which is not always granted.

Founded in 2019, Insanet is owned by individuals with backgrounds in the military and national defense. Its founders include Dani Arditi, former chief of Israel's National Security Council, and cyber entrepreneurs Ariel Eisen and Roy Lemkin. Despite attempts to reach out, Arditi and Lemkin did not respond to inquiries, and Eisen could not be reached for comment.

Insanet affirmed its adherence to Israeli law and strict regulatory guidelines. In marketing its surveillance software, Insanet collaborated with Candiru, an Israel-based spyware manufacturer previously sanctioned in the US. The combined offering includes Sherlock and Candiru's spyware, with the former priced at six million euros ($6.7 million, £5.2 million) for a client.

The Haaretz report cited a Candiru marketing document from 2019, confirming Sherlock's capability to breach Windows-based computers, iPhones, and Android devices. Traditionally, different companies specialized in breaching distinct devices, but this system demonstrates the ability to effectively breach any device.

The Electronic Frontier Foundation's Director of Activism, Jason Kelley, expressed concern over Insanet's use of advertising technology to infect devices and surveil targets. Dodgy online ads not only serve as potential carriers for malware but can also be tailored to specific groups of people, making it particularly worrisome.

Sherlock stands out for leveraging legal data collection and digital advertising technologies, commonly favored by Big Tech and online media, for government-level espionage. This differs from other spyware like NSO Group's Pegasus or Cytrox's Predator and Alien, which tend to be more precisely targeted.

Mayuresh Dani, Qualys' threat research manager, likened the threat to malvertising, where a malicious ad is broadly distributed to unsuspecting users. In this case, however, it involves a two-stage attack: first profiling users using advertising intelligence (AdInt) and then delivering malicious payloads via advertisements, making unsuspecting users vulnerable to such attacks.