
iPhones of Al Jazeera Journalists Being Snooped On Via Israeli Firm's Spyware

 

The iPhones of around 36 journalists at the Al Jazeera news organisation have been hacked by state-sponsored attackers who sent malware-laden iMessages. The attackers, who are suspected of being backed by the governments of the United Arab Emirates and Saudi Arabia, exploited a zero-day vulnerability in iMessage that Apple later fixed.

In a technical report, researchers state that the attackers used NSO Group's Pegasus to deploy spyware onto the iPhones of 36 journalists, executives and producers at the news agency Al Jazeera.

Pegasus is modular malware developed by the Israeli firm NSO Group. It is sold for surveillance purposes and has been linked to surveillance abuse on multiple occasions. The spyware lets its operators remotely monitor and control devices. Reportedly, the attack was invisible to the victims: unlike conventional ways of deploying malware, it did not require tricking them into clicking a malicious link.

While examining one victim's device, researchers found that the spyware had been deployed silently through iMessage and was able to take images with the iPhone's camera, access passwords, and track the victim's location. It is also likely that the spyware recorded phone calls and microphone audio.

According to researchers at Citizen Lab, a total of four Pegasus operators were observed taking part in the hack. Two of them, named SNEAKY KESTREL and MONARCHY, are suspected of having links to the governments of Middle Eastern countries, the UAE and Saudi Arabia respectively.

According to the reports by Citizen Lab, "In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked." 

"The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11." 

"We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system," the report further read.

Skygofree Malware: One of Most Advanced Spyware Ever Seen

Russian cybersecurity firm Kaspersky has found new, advanced Android spyware with “never before seen” features that let attackers carry out advanced surveillance on Android phones, such as location-based audio recording, WhatsApp message theft, and connecting an infected device to Wi-Fi networks controlled by the criminals.

The malware, dubbed “Skygofree,” was reportedly found on malicious websites in Italy. According to Kaspersky, it is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance wares.

More information, including Skygofree's commands, indicators of compromise, domain addresses, and the device models targeted, can be found in Kaspersky's blog post on Securelist.

The spyware abuses Android's “Accessibility” feature, which exists to help users with disabilities use their apps. Through it, the spyware can read the messages displayed on the screen, including those sent by the user.
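A practical defensive check that follows from the paragraph above is to audit which apps on a device hold the accessibility-service privilege, since any of them can read on-screen text the way Skygofree is described as doing. The script below is an added example, not code from the original post or from Kaspersky. It parses the value Android keeps in the "secure" settings namespace under the key `enabled_accessibility_services` (a ':'-separated list of component names, readable over USB debugging with `adb shell settings get secure enabled_accessibility_services`) and reports every service not on an allowlist. The allowlist, the `--live` flag and the sample output are assumptions made for this example.

```python
"""Audit which apps hold Android's accessibility-service privilege.

Added example (not from the original post or Kaspersky). Android stores the
enabled accessibility services in the "secure" settings namespace under the key
`enabled_accessibility_services`, as ':'-separated component names. On a real
device the value can be read with:

    adb shell settings get secure enabled_accessibility_services

The allowlist below is an assumption for this example; tune it to the screen
readers your fleet actually uses.
"""
import subprocess
import sys

# Assumed allowlist (example only): a mainstream screen reader component.
ALLOWED_SERVICES = {
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService",
}


def parse_enabled_services(raw: str) -> list:
    """Split the raw `settings get` output into component names.

    Android prints the literal string "null" when no service is enabled, and
    adb may append a trailing carriage return; both cases are handled here.
    """
    text = raw.strip()
    if text in ("", "null"):
        return []
    return [item for item in text.split(":") if item]


def unexpected_services(raw: str, allowed=ALLOWED_SERVICES) -> list:
    """Return every enabled accessibility service that is not on the allowlist."""
    return [svc for svc in parse_enabled_services(raw) if svc not in allowed]


def read_from_device() -> str:
    """Read the live value from an attached device via adb (needs adb on PATH)."""
    result = subprocess.run(
        ["adb", "shell", "settings", "get", "secure", "enabled_accessibility_services"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


# Constructed sample output standing in for a real device: one legitimate
# screen reader plus an unknown second service that claims the same privilege.
SAMPLE_OUTPUT = (
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.unknownapp/.ScreenReaderService\r\n"
)

if __name__ == "__main__":
    raw = read_from_device() if "--live" in sys.argv else SAMPLE_OUTPUT
    for svc in unexpected_services(raw):
        print(f"REVIEW: {svc} can read everything displayed on screen")
```

Run it without arguments to see the check applied to the constructed sample; run it with `--live` and a device attached over adb to audit that device instead. Anything it reports should be matched against what the user knowingly installed, because an unknown service here has exactly the capability the post describes.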

Skygofree is also capable of taking pictures and video, recording ambient audio when the device is at a location specified by the attacker, recording Skype conversations, and seizing call records, geolocation data, and other sensitive data.

Kaspersky believes that Skygofree, like the spyware behind the 2015 Hacking Team affair (an Italy-based spyware developer), was developed by Italians.

Skygofree has allegedly been active since 2014, targeting select individuals, all of them in Italy. The spyware has been under regular development since then, and as many as 48 commands were found in the latest version.

#Eurograbber Campaign - Trojan steals $47 Million from 30k European Bank accounts

Eurograbber Banking Trojan

A highly sophisticated cybercriminal campaign, dubbed "Eurograbber", enabled criminals to steal more than $47 million (€36 million) from more than 30,000 corporate and individual bank accounts across Europe.

The finding comes from a case study published by security firm Check Point and online fraud prevention provider Versafe.

According to the case study, the attack began in Italy, and soon after, tens of thousands of infected online banking customers were detected in Germany, Spain and Holland.

The campaign starts when a victim unknowingly clicks a malicious link in a spam email or encounters one through general web surfing. The link leads to a site that attempts to drop the banking Trojan, malware that steals bank login credentials.

The next time the victim logs in to their bank account, the Trojan intercepts the session and displays a fake banking page that informs the customer of a “security upgrade” and instructs them on how to proceed.

The page asks the user to enter their smartphone OS and phone number. Once the victim has given the phone details, the Eurograbber Trojan sends an SMS with a link to a fake "encryption software" download, which is in fact the "Zeus in the mobile" (ZITMO) malware.

Once Eurograbber is installed on both the victim's PC and smartphone, the Trojan lies dormant until the next time the customer accesses their bank account. When the victim logs in, it immediately transfers the victim's money to the criminals' account.

The mobile Trojan then intercepts the confirmation text message sent by the bank and forwards it to the C&C server via a relay phone number. The server uses the message to confirm the transaction and withdraw the money.
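The flow described in the last few paragraphs has a shape a bank-side analyst can look for even though the infected PC and phone are out of view: a transfer to a payee the customer has never used, submitted seconds after login (the Trojan fires as soon as the session opens), and then confirmed by the SMS code on the first attempt. The script below is an added example, not code from the original post or from the Check Point/Versafe case study. The event names, field names, the 30-second threshold and the log lines are all constructed for this example.

```python
"""Bank-side heuristic for the Eurograbber transfer pattern.

Added example, not part of the original post or the case study. It replays
constructed session events and flags a transfer when all three hold:
  1. the payee has never been used by that customer before,
  2. the transfer was submitted within FAST_TRANSFER_SECONDS of login, and
  3. the transfer was then confirmed by the SMS code.
Event and field names are assumptions made for this example.
"""
from datetime import datetime

# Assumed threshold: a person rarely completes login, navigation and a
# new-payee form in under 30 seconds; malware that scripts the session does.
FAST_TRANSFER_SECONDS = 30

# Constructed session log: 'timestamp session customer event key=value...'
SAMPLE_LOG = """\
2012-11-05T09:00:00 s1 c1 login
2012-11-05T09:04:10 s1 c1 transfer_submitted payee=DE00LANDLORD amount=900
2012-11-05T09:04:40 s1 c1 sms_confirmed
2012-11-06T08:30:00 s2 c1 login
2012-11-06T08:30:06 s2 c1 transfer_submitted payee=ES00NEWPAYEE amount=4800
2012-11-06T08:30:19 s2 c1 sms_confirmed
2012-11-06T10:00:00 s3 c1 login
2012-11-06T10:00:09 s3 c1 transfer_submitted payee=DE00LANDLORD amount=900
2012-11-06T10:00:25 s3 c1 sms_confirmed
""".splitlines()


def parse_events(lines):
    """Parse the constructed log format into dicts with a datetime 'ts' field."""
    events = []
    for line in lines:
        ts, session, customer, name, *fields = line.split()
        attrs = dict(f.split("=", 1) for f in fields)
        events.append({"ts": datetime.fromisoformat(ts), "session": session,
                       "customer": customer, "event": name, **attrs})
    return events


def suspicious_transfers(events):
    """Return (session, payee, seconds_after_login) for confirmed transfers
    that match the fast, new-payee pattern. Confirmed transfers that do not
    match teach the model which payees the customer legitimately uses."""
    known_payees = {}   # customer -> payees confirmed in non-flagged sessions
    login_at = {}       # session -> login timestamp
    pending = {}        # session -> candidate awaiting SMS confirmation
    flagged = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        sess = ev["session"]
        if ev["event"] == "login":
            login_at[sess] = ev["ts"]
        elif ev["event"] == "transfer_submitted":
            seen = known_payees.setdefault(ev["customer"], set())
            delay = (ev["ts"] - login_at[sess]).total_seconds()
            is_suspicious = ev["payee"] not in seen and delay <= FAST_TRANSFER_SECONDS
            pending[sess] = (ev["customer"], ev["payee"], delay, is_suspicious)
        elif ev["event"] == "sms_confirmed" and sess in pending:
            customer, payee, delay, is_suspicious = pending.pop(sess)
            if is_suspicious:
                flagged.append((sess, payee, delay))
            else:
                known_payees[customer].add(payee)
    return flagged


if __name__ == "__main__":
    for sess, payee, delay in suspicious_transfers(parse_events(SAMPLE_LOG)):
        print(f"HOLD {sess}: new payee {payee} confirmed {delay:.0f}s after login")
```

In the constructed log only session s2 is flagged: s1 establishes DE00LANDLORD as a known payee with a slow, ordinary transfer, and s3 is fast but goes to that known payee. Placing a hold on a flagged transfer rather than rejecting it outright keeps the false-positive cost low while denying the criminals the immediate withdrawal the post describes.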