
NSO's Spyware Pegasus Taking Control of Mobile Devices through Apps


NSO's spyware Pegasus has been revealed to take control of mobile devices through various apps; this is a matter of grave concern, as cybersecurity firms have in the past also found the Pegasus software present on both Apple and Android operating systems.

While WhatsApp said the number of infected users may rise from the current estimate of 1,400 as more users come forward, Reuters reported, citing sources familiar with WhatsApp's internal investigation, that the snooping may also have targeted prominent government and military officials in about 20 nations, in addition to activists and journalists.

Raman Jit Singh Chima, Asia Policy Director, and Senior International Counsel at open internet advocacy group Access Now says that “Surveillance tech firms such as NSO and others market these capabilities with the intent of allowing their clients to hack and surveil all of the everyday smartphone activity of the targeted victim.”

He added that this may also cover services like Gmail, iMessage, Facebook, and Viber.

NSO's use of malware to control Apple devices is said to have first been discovered in 2016. Apple released software updates in September 2016 after finding that attackers could have accessed its devices by getting a victim to click on a link; it was speculated at the time that Pegasus could have been installed by exploiting vulnerabilities in its software.

University of Toronto-based Citizen Lab, which assisted WhatsApp in its investigation of the issue, said in a 2018 report that Pegasus appears to be used by nations with 'dubious' human rights records and histories of harsh conduct by state security services.

This includes India: one NSO operator, which Citizen Lab named Ganges, is said to have been operating in India. WhatsApp has more recently stressed that the number of affected users may rise, particularly in India, because of the total absence of any surveillance reform or data protection laws.

BEC Scams Increase Year over Year; Reach Monthly Average of More Than $300 Million

Business email compromise (BEC) scams have risen steadily year over year; according to the suspicious activity reports (SARs) received each month since 2016, reported losses have now reached a monthly average of more than $300 million.

The Financial Crimes Enforcement Network (FinCEN), after compiling statistics on BEC incidents over recent years, identified the most common types of targets, the destinations intended for the stolen funds, and the procedures used by the scammers.

Companies are said to have lost around $1.2 billion to this kind of cybercriminal activity, whose aim is to obtain funds by posing as a customer or a senior manager so as to trick key individuals within the organization into wiring money to an attacker-controlled bank account.

Commercial entities offering professional services, such as landscaping, retail, restaurants, and lodging, became increasingly attractive targets, with 18% of the attacks aimed at them.

FinCEN's analysis describes the broader picture of BEC scams

In contrast to financial organizations, which fell in the rankings from 16% to 9%, real estate firms ended up being all the more enticing, representing 16% of the BEC scam victim pie.

The attackers, however, do not stick to a single method; they use a variety of strategies to reach their goal, from impersonating company CEOs to impersonating customers and vendors with the help of fake invoices.

Users are therefore advised to watch out for malware and spyware in particular, since the attackers rely heavily on malware designed to steal the information needed to execute the attack, as well as spyware for stealing the information needed to break into email accounts.

Israeli spyware firm NSO can mine data from social media accounts

An Israeli spyware firm has claimed that it can scrape user data from the world's top social media platforms, the Financial Times reports.

The powerful malware Pegasus from NSO Group is the same spyware that breached WhatsApp data earlier this year. 

The firm said that this time its malware can scrape data from the servers of Apple, Google, Amazon, Facebook, and Microsoft.

According to the reports of the Times, the NSO group had “told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch”.

However, the company's spokesperson denied the allegation in a written statement responding to AFP's request for comment.
“There is a fundamental misunderstanding of NSO, its services and technology,” it said.

“NSO’s products do not provide the type of collection capabilities and access to cloud applications, services, or infrastructure as listed and suggested in today’s FT article.”

In the meantime, Amazon and Google told AFP that they have started an investigation on the basis of the report, but have so far found no evidence that the software has breached their systems or customer accounts.

Hidden for 5 years, complex ‘TajMahal’ spyware discovered

It's not every day that security researchers discover a new state-sponsored hacking group.

Spyware is inherently intriguing, chiefly because of the complexity that lets it carry out its malicious plans, and breaking it down is something security researchers do on a regular basis. Now a group of analysts has discovered a unique form of spyware with a remarkable 80 different components and all kinds of tricks, and it had stayed under wraps for more than five years.

A technically sophisticated cyberespionage framework that has been active since at least 2013 has been outed by security researchers.

In a recent talk at the Kaspersky Security Analyst Summit in Singapore, researcher Alexey Shulmin shed light on the firm's groundbreaking discovery of an adaptable, Swiss-Army-knife-style spyware framework called TajMahal.

Security researchers still are not sure who is behind the versatile TajMahal spyware, or how its operators went undetected for so long. TajMahal bundles functionality never before seen in an advanced persistent threat, such as the ability to steal information from printer queues and to grab previously seen files from a USB device the next time it reconnects. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.

The 80 distinct modules include not just the standard ones like keylogging and screen-grabbing but also completely new tools.

TajMahal includes two main packages: 'Tokyo' and 'Yokohama'. Tokyo contains the main backdoor functionality and periodically connects to the command and control servers.

TajMahal is a wonder to behold.

"Such a large set of modules tells us that this APT is extremely complex," Shulmin wrote in an email interview ahead of his talk, using the industry jargon—short for advanced persistent threat—to refer to sophisticated hackers who maintain long-term and stealthy access to victim networks. "TajMahal is an extremely rare, technically advanced and sophisticated framework, which includes a number of interesting features we have not previously seen in any other APT activity. Coupled with the fact that this APT has a completely new code base—there are no code similarities with other known APTs and malware—we consider TajMahal to be special and intriguing."

Malware through PDF Attachments?

A recently discovered malicious campaign delivers PDF documents to users as attachments to phishing messages, in order to get them to download a malicious Android executable.

The PDFs use lures such as “To open this document, update the adobe reader” or “To unlock this document press below button” to grab the user's attention. When the user performs the requested click on the document, a malicious APK (Android package) file is downloaded from a link embedded in the PDF; that APK in turn downloads the genuine Adobe Reader.

The malware can additionally read contacts and browser bookmarks, log keystrokes, and interfere with background processes.

It detects whether the phone is rooted or not and proceeds accordingly, while gathering longitude and latitude data, tracking SMS notifications and call status, and sending the collected information to servers controlled by the attackers.

Users are therefore advised to refrain from downloading applications from third-party app stores or from links sent in SMS messages or emails, to avoid opening mails and attachments from unknown sources, and to keep the 'Unknown Sources' setting disabled, since enabling it permits the installation of applications from outside the official store.

More importantly, keep the device OS and mobile security application up to date in order to protect your privacy.
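The campaign above hinges on one artefact: a link annotation inside a PDF whose target is an Android package rather than a web page. A mail gateway or sandbox can triage attachments for that shape before a user ever sees the lure. The Python below is an added example, not code from the original post or from the researchers who reported the campaign; the PDF bytes and the `updates.invalid` host are constructed. It is a first-pass byte scan only: real PDFs frequently keep their objects in compressed object streams that such a scan cannot see, so it belongs in front of a proper PDF parser, not in place of one.

```python
"""First-pass triage of PDF attachments for links that lead to Android packages.

Added example, not from the original post. Sample PDF bytes are constructed and
minimal; compressed object streams in real files are not inspected here.
"""
import re

# /URI (...) literal strings; handles PDF escapes such as \( \) \\ inside the string.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Link target that ends in .apk, optionally followed by a query string or fragment.
APK_RE = re.compile(rb"\.apk(\?|#|$)", re.IGNORECASE)
# Action types that a document claiming to be a plain PDF rarely needs.
RISKY_ACTIONS = (b"/Launch", b"/JavaScript", b"/JS")


def _unescape(raw: bytes) -> str:
    """Undo the PDF string escapes the regex left in place."""
    return (raw.replace(b"\\(", b"(").replace(b"\\)", b")")
               .replace(b"\\\\", b"\\").decode("latin-1"))


def extract_uris(pdf: bytes) -> list:
    """Return every literal /URI target found in the raw PDF bytes."""
    return [_unescape(m.group(1)) for m in URI_RE.finditer(pdf)]


def triage(pdf: bytes) -> dict:
    """Classify one PDF: list its URIs, the findings, and a verdict."""
    uris = extract_uris(pdf)
    findings = []
    for uri in uris:
        if APK_RE.search(uri.encode("latin-1")):
            findings.append(f"link to Android package: {uri}")
        elif not uri.lower().startswith(("http://", "https://", "mailto:")):
            findings.append(f"non-web URI scheme: {uri}")
    for action in RISKY_ACTIONS:
        if action in pdf:
            findings.append(f"action dictionary present: {action.decode()}")
    return {"uris": uris, "findings": findings,
            "verdict": "suspicious" if findings else "clean"}


# Constructed lure: a single link annotation pointing at an APK download.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [100 600 400 640]
   /A << /S /URI /URI (http://updates.invalid/AdobeReader_update.apk) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign document: an ordinary web link.
BENIGN_PDF = b"""%PDF-1.4
4 0 obj << /Type /Annot /Subtype /Link
   /A << /S /URI /URI (https://www.example.com/whitepaper.pdf) >> >> endobj
%%EOF
"""

if __name__ == "__main__":
    for label, doc in (("lure", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        result = triage(doc)
        print(label, result["verdict"], result["findings"])
```

Matching on the link target rather than on the lure text is deliberate: the wording of the "update Adobe Reader" prompt changes from campaign to campaign, while a PDF that asks a phone to fetch an `.apk` is anomalous regardless of what the page says.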

A Trojan App on Google Play Store Stealing Users' Sensitive Data

Cyber security specialists at Cisco Talos have discovered malware dubbed GPlayed, an application whose icon is indistinguishable from that of the Google Play store and other related Google apps. GPlayed is capable of deceiving users into installing it on their Android phone and losing sensitive data to hackers.

This is risky because many unsuspecting users may install the app on the assumption that it is a genuine one and end up paying a "heavy price".

Although this dangerous Trojan is not yet live on the Google Play store, it is capable of transmitting Visa or bank details present on the phone and can even turn into full-time spyware equipped to track the victim's location.

"What makes this malware extremely powerful is the capability to adapt after it's deployed. In order to achieve this adaptability, the operator has the capability to remotely load plugins, inject scripts and even compile new .NET code that can be executed," Cisco Talos report said.

They added that their analysis indicates the Trojan is in its testing stage, but given its potential, every mobile user should be aware of GPlayed. Mobile developers have recently begun eschewing traditional app stores and instead want to deliver their software directly through their own channels; GPlayed is an example of where this can go wrong, especially if a mobile user does not know how to distinguish a fake app from a real one.

Despite Google taking strict measures to control the flow of Android malware into the Play store, it cannot always recognize Trojan malware hidden inside legitimate-looking applications. Android users are thus advised to be cautious about installing such look-alike fake Google applications.