
Spyware companies that target iOS, Android, and Windows devices

Meta warns of 8 spyware companies that target iOS, Android, and Windows devices

Meta Platforms said it has taken a number of steps to stop malicious activity from eight different companies with offices in Italy, Spain, and the United Arab Emirates (U.A.E.) working in the surveillance-for-hire sector.

Its Adversarial Threat Report for the Fourth Quarter of 2023 includes the findings. iOS, Android, and Windows devices were the targets of the spyware.

According to the company, “their various malware includes the ability to gather and access device information, location, photos and media, contacts, calendar, email, SMS, social media apps, and enable microphone, camera, screenshot functionality.”

Protect Electronic Systems, Negg Group, Mollitiam Industries, Variston IT, IPS Intelligence, RCS Labs, and Cy4Gate/ELT Group are the eight businesses.

According to Meta, these companies also engaged in phishing, social engineering, and scraping activities with a focus on various platforms, including Telegram, Facebook, Instagram, X (previously Twitter), YouTube, Skype, Reddit, Google, Quora, Tumblr, VK, TikTok, SnapChat, and Gettr.

In particular, it is claimed that Cy4Gate’s network of fictitious personas connected to RCS Labs tricked users into giving their phone numbers and email addresses, in addition to clicking on phony reconnaissance links.

Another group of now-removed Facebook and Instagram accounts belonging to Spanish spyware vendor Variston IT was used for testing and developing malware, including sharing malicious links. Reports that the business is ceasing operations surfaced last week.

Meta added that it discovered accounts used by Negg Group to test the delivery of its spyware, as well as accounts used by Mollitiam Industries, a Spanish company that promotes a data collection service and spyware targeting Windows, macOS, and Android, to scrape public information.

Elsewhere, the social media behemoth removed over 2,000 accounts, Pages, and Groups from Facebook and Instagram in response to coordinated inauthentic behavior (CIB) by networks from China, Myanmar, and Ukraine.

The network coming from Myanmar targeted its own citizens with original articles that praised the Burmese army and disparaged ethnic armed groups and minority groups, while the Chinese cluster targeted its audience with content critical of American foreign policy toward Taiwan, Israel, and Ukraine.

The third cluster is notable for posting content that backed Ukrainian politician Viktor Razvadovskyi on fictitious Pages and Groups while also disseminating “supportive commentary” on Kazakhstan’s current administration and “critical commentary about the opposition.”

A coalition of government and tech companies, including Meta, have agreed to stop commercial spyware from being used improperly to violate human rights.

In an effort to make exploitation more difficult and reduce the overall attack surface, the company has added new countermeasures, such as enabling Control Flow Integrity (CFI) on Messenger for Android and VoIP memory isolation for WhatsApp.

Despite this, the surveillance sector is still thriving in a variety of unanticipated ways. A surveillance tool called Patternz that uses real-time bidding (RTB) advertising data gathered from well-known apps like 9gag, Truecaller, and Kik to track mobile devices was unveiled by 404 Media last month, building on earlier research from the Irish Council for Civil Liberties (ICCL) in November 2023.

According to ISA, the Israeli company behind the product, which is advertised on its website, “Patternz enables national security agencies to detect, monitor, and predict users’ actions, security threats and anomalies.”

Then, last week, Enea revealed the details of MMS Fingerprint, a mobile network attack that was allegedly carried out by the Pegasus-maker NSO Group. This information was included in a 2015 agreement between the business and Ghana’s telecom regulator.

The precise method is still a mystery, but the Swedish telecom security company believes it most likely uses MM1_notification.REQ, a unique type of SMS message, known as a binary SMS, that alerts the recipient device to an MMS awaiting retrieval from the Multimedia Messaging Service Center (MMSC).

The MMS is then obtained using MM1_retrieve.REQ and MM1_retrieve.RES, the former being an HTTP GET request to the URL address contained in the MM1_notification.REQ message.

The fact that user device information, such as User-Agent (as opposed to a web browser User-Agent string) and x-wap-profile, is embedded in the GET request makes this strategy noteworthy.

According to Enea, the (MMS) User-Agent is a string that typically identifies the OS and device. The x-wap-profile points to a UAProf (User Agent Profile) file that details a mobile handset’s capabilities.

A threat actor looking to deploy spyware could use this information to exploit particular flaws, tailor malicious payloads to the target device, or even create more potent phishing campaigns. However, there is no proof that this security flaw has recently been abused in the wild.
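As an added example (not from Meta, Enea, or the original article), the following Python code audits captured MMS retrieval requests and flags any GET that sends the User-Agent or x-wap-profile headers to a host other than the operator's own MMSC. The hostnames, the capture format, and the sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hostnames of the operator's own MMSC (hypothetical value).
OPERATOR_MMSC_HOSTS = {"mmsc.operator.example"}

# Headers the article names as device-identifying in the retrieval GET.
FINGERPRINT_HEADERS = ("user-agent", "x-wap-profile")

# Constructed sample requests, as an egress proxy might capture them.
SAMPLE_REQUESTS = [
    "GET http://mmsc.operator.example/mms/retrieve?id=0001 HTTP/1.1\r\n"
    "Host: mmsc.operator.example\r\n"
    "User-Agent: ExamplePhone-X1/1.0 MMS-Client\r\n"
    'x-wap-profile: "http://uaprof.vendor.example/X1.xml"\r\n'
    "Accept: application/vnd.wap.mms-message\r\n\r\n",
    "GET /m/abc123 HTTP/1.1\r\n"
    "Host: Collector.Invalid:80\r\n"
    "User-Agent: ExamplePhone-X1/1.0 MMS-Client\r\n"
    'x-wap-profile: "http://uaprof.vendor.example/X1.xml"\r\n\r\n',
]


def parse_request(raw):
    """Return (method, target, headers) with lower-cased header names."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip().strip('"')
    return method, target, headers


def audit(raw):
    """Report which device details a GET discloses and to which host."""
    method, target, headers = parse_request(raw)
    # Proxied requests carry an absolute URL; direct ones rely on Host.
    host = urlsplit(target).hostname or headers.get("host", "").split(":")[0]
    host = host.lower()
    disclosed = {h: headers[h] for h in FINGERPRINT_HEADERS if h in headers}
    off_mmsc = host not in OPERATOR_MMSC_HOSTS
    return {"host": host, "disclosed": disclosed,
            "suspicious": method == "GET" and bool(disclosed) and off_mmsc}


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(audit(request))
```

The first constructed request stays on the allowlisted MMSC and is not flagged; the second discloses the same two headers to an unlisted host and is.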
