[ad_1]
Spyware companies target widely used iOS, Android, and Windows devices, making them lucrative targets for collecting sensitive information.
Each platform offers unique opportunities, and while iOS and Android dominate the mobile market, Windows remains the primary operating system for computers.
This complete scenario provides diverse means for monitoring and data collection.
According to the Q4 2023 Adversarial Threat Report, Meta Platforms recently filed lawsuits against eight surveillance services companies in Italy, Spain, and the UAE.
Cybersecurity researchers at Meta Platform reported that spyware from these companies is actively targeting iPhone, Android, and Windows devices.
A live attack simulation webinar will demonstrate the different ways account takeovers can occur and demonstrate how to protect your website and APIs from ATO attacks.
Malware used by spyware companies has stealth features that allow threat actors and operators to collect sensitive information from targeted devices.
The following device information was accessed and collected by the malware:-
- position
- photograph
- media
- contact address
- calendar
- SMS
- Social media
- messaging app
In addition to this, it also allows access to elements of the targeted device such as microphone, camera, screenshots etc., granting access to the attackers.
Spyware companies involved
Below we mention all the spyware companies involved.
- Cy4Gate/ELT Group
- RCS lab
- IPS intelligence
- Varistone IT
- TrueL IT
- Protect your electronic systems
- Neg group
- Moritium Industries
Cybersecurity researchers claimed that all the spyware companies mentioned above have also been found to be involved in scraping, social engineering, and phishing activities targeting a wide range of social platforms.
Fake personas linked to RCS Labs tricked users into providing phone numbers, email addresses, and surveillance.
Although now deleted, Variston IT’s Facebook and Instagram accounts helped develop and test the exploit.
Meta reports that Variston IT has ceased operations. Negg Group and Mollitiam Industries were also identified for spyware testing and data collection.
The Swedish communications security company said that this cyberattack technique includes a unique binary SMS (MM1_notification.REQ) that notifies MMS retrieved via MM1_retrieve.REQ and MM1_retrieve.RES, and fingerprints the GET requests. I think that device information may be embedded as .
In addition, spyware deployments, customized exploits, and phishing campaigns are possible, but there is no recent evidence of actual exploitation.
Stay up to date with cybersecurity news, whitepapers, and infographics. Follow us on LinkedIn. twitter.
[ad_2]
Source link
