Tag: surveillance

16 Attack Reports | 0 Vulnerabilities

Attack reports

Prolific Zero-Day Exploits Continue

Despite sanctions, Intellexa continues to operate, developing and selling spyware to various clients. The company has been linked to 15 unique zero-day vulnerabilities since 2021, targeting mobile browsers and operating systems. Their exploit chain, known as 'smack', uses a framework called JSKit f…
ios
surveillance
android
zero-day
spyware
CVE-2024-4610
chrome
CVE-2025-6554
2025-12-04
predator
CVE-2023-41991
CVE-2023-41992
CVE-2023-41993
exploit-chain
CVE-2023-2033
preyhunter
CVE-2023-4762
CVE-2021-37976
CVE-2023-2136
CVE-2023-3079
CVE-2021-37973
CVE-2021-38003
CVE-2021-1048
CVE-2025-48543
CVE-2021-38000
Published: December 4, 2025
Linked vulnerabilities : CVE-2024-4610, CVE-2025-6554 (CVSS 8.1), CVE-2025-12480 (CVSS 9.1), CVE-2025-48543, CVE-2021-1048, CVE-2023-2136, CVE-2021-38003, CVE-2021-37976, CVE-2023-2033, CVE-2023-41993, CVE-2023-41992, CVE-2023-41991, CVE-2023-4762, CVE-2023-3079, CVE-2021-38000, CVE-2021-37973, CVE-2022-42856
Downloadable IOCs: 2

New Python RAT Targets Gamers via Minecraft

A new multi-function Python RAT has been discovered targeting gamers through Minecraft. The malware, posing as a legitimate Minecraft client called 'Nursultan Client', uses the Telegram Bot API for command and control. It has capabilities including screenshot capture, webcam access, Discord token t…
surveillance
rat
python
minecraft
discord
telegram
gaming
2025-10-22
token theft
nursultan client
Published: October 22, 2025
Downloadable IOCs: 1

Windows Targeted with Rust Backdoor and Python Loader

APT37, a North Korean threat actor, has been observed using new tactics and tools in recent campaigns. They have deployed a Rust-based backdoor named Rustonotto, alongside the existing PowerShell-based Chinotto malware and FadeStealer. The group utilizes Windows shortcut files and help files as ini…
surveillance
data exfiltration
spear phishing
code injection
2025-09-08
chinotto
fadestealer
rust backdoor
rustonotto
Published: September 8, 2025
Downloadable IOCs: 1

Android backdoor spies on Russian business employees

A sophisticated Android backdoor named Android.Backdoor.916.origin is targeting Russian business representatives. The malware, disguised as an antivirus app called 'GuardCB', has extensive surveillance capabilities including intercepting calls, streaming camera footage, stealing data from messaging…
backdoor
surveillance
android
spyware
russian
2025-08-25
mobile-malware
business
android.backdoor.916.origin
targeted-attack
Published: August 25, 2025
Downloadable IOCs: 0

The Dark Side of Parental Control Apps

Parental control apps, designed to protect children online, are gaining popularity but raising concerns about privacy and misuse. These apps require extensive permissions to monitor device activities, including location tracking, call logs, and message access. While some are distributed through off…
surveillance
privacy
2025-08-13
appcare/android.kidlogger
app permissions
smartphone monitoring
security concerns
child protection
appcare/android.manamgeri
parental control
Published: August 13, 2025
Downloadable IOCs: 0

Chinese Mobile Forensic Tooling Discovered

Lookout Threat Lab has uncovered a mobile forensics application called Massistant, used by Chinese law enforcement to extract extensive data from mobile devices. Believed to be the successor of MFSocket, Massistant requires physical access to install and is not distributed through official app stor…
surveillance
travel security
law enforcement
data collection
2025-07-18
mobile forensics
mfsocket
Published: July 18, 2025
Downloadable IOCs: 6

PumaBot: Novel Botnet Targeting IoT Surveillance Devices

A new Go-based Linux botnet named PumaBot has been identified targeting IoT devices, particularly surveillance systems. It brute-forces SSH credentials using lists from a C2 server, then deploys itself and establishes persistence. The malware disguises itself as legitimate system files, creates sys…
linux
surveillance
persistence
iot
botnet
credential theft
2025-06-04
pumabot
ssh brute-force
Published: June 4, 2025
Downloadable IOCs: 1

Uyghur Diaspora Group Targeted with Remote Surveillance Malware

Senior members of the World Uyghur Congress (WUC) were targeted by a sophisticated spear phishing campaign aimed at deploying surveillance malware. The attack, discovered in March 2025, involved a trojanized version of a legitimate Uyghur language text editor. The malware enabled remote surveillanc…
surveillance
remote access
spear phishing
2025-04-28
uyghur
trojanized application
uyghureditpp backdoor
Published: April 28, 2025
Downloadable IOCs: 0

North Korean APT37 Mobile Spyware Discovered

A new Android spyware called KoSpy has been attributed to the North Korean group APT37 (ScarCruft). The malware, active since March 2022, targets Korean and English-speaking users by masquerading as utility apps. KoSpy uses a two-stage C2 infrastructure, retrieving initial configurations from Fireb…
apt
surveillance
north korea
android
spyware
konni
apt37
2025-04-12
scarcruft
kospy
Published: April 12, 2025
Downloadable IOCs: 0

Virtue or Vice? A First Look at Paragon's Proliferating Spyware Operations

The report investigates Paragon Solutions, an Israeli spyware company founded in 2019 that sells a product called Graphite. Through infrastructure analysis, the researchers identified potential Paragon deployments in several countries. They also found evidence linking Paragon to the Canadian Ontari…
surveillance
graphite
spyware
cybersecurity
human rights
law enforcement
2025-03-19
canada
italy
zero-click exploit
Published: March 19, 2025
Downloadable IOCs: 22

LightSpy Malware Now Targets Facebook & Instagram Data

LightSpy, a modular surveillance framework, has expanded its capabilities to target Facebook and Instagram data. The malware, initially focused on mobile devices, now compromises Windows, macOS, Linux, and routers. Recent analysis reveals a significant expansion in its command list, with over 100 c…
malware
surveillance
lightspy
plugins
infrastructure
command and control
facebook
2025-02-21
instagram
Published: February 21, 2025
Downloadable IOCs: 27

PlainGnome and Bonespy Russian Android spyware discovered | Threat Intel

Two Android surveillance families, BoneSpy and PlainGnome, have been discovered and attributed to the Russian Gamaredon APT group, associated with the FSB. BoneSpy, active since 2021, is based on open-source DroidWatcher, while PlainGnome emerged in 2024. Both target Russian-speaking victims in for…
surveillance
android
russia
spyware
fsb
2024-12-13
shuckworm
plaingnome
primitive bear
bonespy
Published: December 13, 2024
Downloadable IOCs: 31

Something to Remember Us By: Device Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed

A joint investigation by The First Department and The Citizen Lab uncovered spyware covertly implanted on a Russian programmer's phone after it was confiscated by authorities. The individual, accused of sending money to Ukraine, was subjected to beatings and recruitment attempts by the FSB during h…
surveillance
android
russia
spyware
2024-12-05
monokle
trojanized app
device confiscation
fsb
Published: December 5, 2024
Downloadable IOCs: 0

New macOS malware gives attackers backdoor access to Macs

A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
backdoor
surveillance
rat
macos
malicious
hz rat
2024-09-16
Published: September 16, 2024
Downloadable IOCs: 25

An Android RAT targets Telegram Users

This analysis discusses SpyMax, a Remote Access Trojan (RAT) that targets Android devices and specifically aims at obtaining data from Telegram users. It employs phishing techniques to trick victims into installing a malicious application disguised as the legitimate Telegram app. Once installed, Sp…
surveillance
rat
phishing
android
keylogger
2024-06-28
spymax
Published: June 28, 2024
Downloadable IOCs: 4

Operation Celestial Force employs mobile and desktop malware to target Indian entities

Cisco Talos is disclosing a new malware campaign called 'Operation Celestial Force' conducted by a Pakistani nexus of threat actors called 'Cosmic Leopard'. This multi-year operation has been targeting Indian entities and individuals since at least 2018, employing the use of GravityRAT (an Android …
espionage
surveillance
2024-06-14
targeted attacks
gravityrat
heavylift
Published: June 14, 2024
Downloadable IOCs: 142
Click here to see more Attack Reports