In March 2025, our team found a suspicious Mach-O file named wsus. Read the full analysis on its likely origins, target users, and observed functionality.
NCSC issues warning over Chinese Moonshine and BadBazaar spyware
Two spyware variants – Moonshine and BadBazaar – are being used to target the mobile devices of persons of interest to Chinese intelligence, including individuals in the Taiwanese, Tibetan and Uyghur communities.
Virtue or Vice? A First Look at Proliferating Spyware Operations
In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon's mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy.
Spyware maker caught distributing malicious Android apps for years | TechCrunch
Italian company SIO, which sells to government customers, is behind an Android spyware campaign called Spyrtacus that spoofed popular apps like WhatsApp, per security researchers.
An Italian journalist speaks about being targeted with Paragon spyware
As an undercover journalist covering Italian politics, Francesco Cancellato is used to reporting on scandals. But he never thought he would be part of the story.
The Israeli hackers setting up in Barcelona
Barcelona is turning into the “European capital of cyberwarfare”. Over the past year and a half, “at least three renowned teams of hacking experts” from Israel have set up in the capital of Catalonia, El Periódico de Catalunya reports. The Spanish newspaper draws on information from the Tel Aviv daily Ha’Aretz, which on 26 December published an article on hackers “relocated” from Israel to European Union countries, including Spain.
Apple sends spyware victims to this nonprofit security lab
Cybersecurity experts, who work with human rights defenders and journalists, agree that Apple is doing the right thing by sending notifications to victims of mercenary spyware — and at the same time refusing to forensically analyze the devices.
Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices
The precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO Group, whose notorious spyware has been reportedly used by various governments worldwide.
Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch
Amnesty said it found NoviSpy, an Android spyware linked to Serbian intelligence, on the phones of several members of Serbian civil society following police stops.
Hungarian CIA reportedly spied on EU officials
Officials from EU anti-fraud office were allegedly followed, wiretapped and had their laptops hacked by Hungary’s intelligence agency.
Unveiling Celular 007: An In-Depth Analysis of Brazilian Stalkerware and Strategies for Collective Protection
Key findings from our analysis include:
* Advanced Surveillance Capabilities: Utilizes technologies like WebRTC for real-time audio and video streaming. Abuses Accessibility Services to intercept user interactions.
* Comprehensive Data Exfiltration: Collects and transmits a wide range of personal data, including messages, call logs, and location information.
* Persistence Mechanisms: Employs techniques to remain active on the device, such as auto-start on boot and misuse of device administrator privileges.
* Abuse of Legitimate Services: Utilizes Firebase Cloud Messaging to establish command and control channels, disguising its communications as legitimate traffic.
* Indicators of Compromise (IoCs): Identified specific URLs, IP addresses, file hashes, and other artifacts associated with Celular 007.
* Need for Collective Protection: Highlights the importance of collective defense strategies and community awareness to combat such invasive tools.
Predator Spyware Infrastructure Resurfaces Post-Sanctions – What You Need to Know
Intellexa’s Predator spyware infrastructure re-emerges after sanctions. Learn how this mercenary spyware is evolving, targeting high-profile individuals, and what defensive measures can be taken.
Greek Court Clears State Institutions of Involvement With Illegal Spyware
Supreme Court ruling that Greek state agencies were not involved in the use of illegal spy software shocks opposition leader who says confidence in the justice system had been 'seriously shaken'.
Apple warns iPhone users in 98 countries of spyware attacks
Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks.
The inside view of spyware’s 'dirty interference,' from two recent Pegasus victims
Andrei Sannikov and Evgeny Erlikh discuss the effects of discovering their devices had been infected with Pegasus — making them part of a rapidly expanding list of civil-society figures targeted with the commercial spyware.
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.