In Other News: Scattered Spider Still Active, EncryptHub Unmasked, Rydox Extraditions
Summary: This week’s cybersecurity news roundup highlights various incidents and developments, including a Ukrainian cybercriminal’s identity revelation, alarming insights into remote access trojans, and notable data breaches in the healthcare sector. Other key updates involve the extradition of cybercrime marketplace administrators, ongoing threats from hacker groups, and recent software vulnerability disclosures.…
SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
Summary: Cybersecurity researchers have discovered deceptive websites impersonating legitimate app stores to distribute SpyNote malware, which targets Android devices. This malware is linked to known threat actors, including state-sponsored groups, and is capable of extensive data theft and control over infected devices. Additionally, intelligence agencies have issued alerts regarding other malware threats like BadBazaar and MOONSHINE, which target specific communities for surveillance.…
Google Releases Two Android Zero-Day Fixes, Exploited in the Wild
Google has patched two critical zero-day vulnerabilities in Android, tracked as CVE-2024-53150 and CVE-2024-53197, which were actively exploited before the release of fixes. These vulnerabilities relate to the Linux kernel’s USB-audio driver, posing significant security risks as they could lead to full device compromise. Affected: Android devices, specifically versions prior to the April 2025 patch.…
Sweden arrests senior Uyghur representative on suspicion of spying for China
Summary: Swedish authorities arrested Dilshat Reshit, an ethnic Uyghur man in Stockholm, on suspicion of spying on other Uyghurs for the Chinese intelligence service. The World Uyghur Congress has called for transparency in the investigation and has removed Reshit from his position as a spokesperson. This incident highlights ongoing concerns regarding Chinese espionage targeting Uyghur communities abroad amid allegations of human rights abuses in China.…
The CyberDiplomat’s Daily Report
This report outlines various global cybersecurity incidents, including sophisticated spyware targeting Tibetan and Taiwanese communities, scrutiny over Bangladesh’s Cyber Security Act, a DDoS attack on Indonesia’s Tempo.co, and breaches in Australia’s superannuation sector. Other highlights include malware threats in various regions and ongoing efforts to enhance cybersecurity across nations.…
Wyden to block Trump’s CISA nominee until agency releases report on telecoms’ ‘negligent cybersecurity’
Summary: Oregon Senator Ron Wyden is blocking the nomination of Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency (CISA) due to the agency’s refusal to release an unclassified report on security vulnerabilities at U.S. telecommunications companies. Wyden accuses CISA of a prolonged cover-up, which has significant implications for national security following recent cyber incidents.…
As spyware market continues to expand, diplomatic Pall Mall Process hits a pivot point
Summary: Participants in the Pall Mall Process, aimed at reforming the commercial hacking and spyware market, expressed concerns about securing industry buy-in amidst rising misuse of these technologies. The initiative recently published a non-binding Code of Practice signed by 21 countries, including Austria and Hungary, while notable absentees included traditional allies like Canada and Australia.…
Global Cybersecurity Agencies Warn of Spyware Targeting Uyghur, Tibetan, and Taiwanese Communities
Summary: The UK’s National Cyber Security Centre, in collaboration with cybersecurity agencies from five countries, has issued a joint advisory on two spyware variants, BADBAZAAR and MOONSHINE, which are actively targeting Uyghur, Tibetan, and Taiwanese communities. This spyware campaign seeks to monitor and intimidate these groups perceived as threats by the Chinese state.…
NCSC shares technical details of spyware targeting Uyghur, Tibetan and Taiwanese groups
Summary: The U.K.’s National Cyber Security Centre highlights the deployment of two spyware types, MOONSHINE and BADBAZAAR, targeting Uyghur, Tibetan, and Taiwanese individuals and organizations. These spyware apps can access sensitive information without the victims’ knowledge, leveraging popular platform designs to lure users. The NCSC warns at-risk populations to be vigilant regarding app usage and permissions to mitigate the risks of surveillance.…
Android Update Patches Two Exploited Vulnerabilities
Summary: Google has released the April 2025 security update for Android, which addresses two critical kernel vulnerabilities, CVE-2024-53150 and CVE-2024-53197, that have been exploited in real-world attacks. The update includes fixes for approximately 60 additional security issues, with a special emphasis on a critical elevation of privilege flaw that could allow remote exploitation without user intervention.…
Google fixes Android zero-days exploited in attacks, 60 other flaws
Summary: Google has released patches for 62 vulnerabilities in the April 2025 Android security update, addressing two zero-days exploited in targeted attacks. One zero-day was reportedly used by Serbian authorities in conjunction with Cellebrite technology to unlock confiscated devices. The updates aim to enhance security and mitigate risks associated with high-severity vulnerabilities uncovered in recent months.…
Hackers are pretending to be drone companies and state agencies to spy on Ukrainian victims
Summary: Ukrainian government agencies and military organizations are being targeted by hackers impersonating drone manufacturers and state agencies through phishing attacks. The attackers aim to implant information-stealing malware and have been traced as UAC-0226, utilizing hacked email accounts to deploy malicious documents. Recent reports indicate the use of both new spyware and malware designed to capture sensitive browser data, with a focus on key institutions near the eastern border of Ukraine.…
Malloc Privacy Weekly
This week’s edition of Malloc Privacy Weekly highlights significant cybersecurity threats including the misuse of free VPN apps owned by Chinese companies, a new phishing-as-a-service platform called Lucid, and various malware threats targeting Android devices. The report emphasizes the need for users to be aware of privacy risks and consider enhanced protective measures when using technology.…
Maryland pharmacist used keyloggers to spy on coworkers for a decade, victim alleges
Summary: A pharmacist at the University of Maryland Medical Center allegedly installed spyware on hundreds of computers to spy on staff, leading to a class-action lawsuit for negligence in protecting sensitive information. Matthew Bathula is accused of using keyloggers to access personal data over a decade, with the investigation currently being handled by the FBI.…
Malloc Privacy Weekly
This week’s analysis highlights various cybersecurity threats, including the targeting of Serbian journalists with Pegasus spyware and the emergence of the Crocodilus mobile banking Trojan, which exploits accessibility services to steal sensitive data. Furthermore, significant privacy breaches have occurred across multiple platforms, including dating apps and financial services, raising alarm over user data security.…
UK Sets Out New Cyber Reporting Requirements for Critical Infrastructure
Summary: The British government has announced the forthcoming Cyber Security and Resilience Bill aimed at enhancing cybersecurity regulations in response to the increasing threats from cybercriminals and hostile states. This legislation seeks to expand the criteria for reportable incidents, include more entities under regulation, and strengthen the government’s ability to mandate actions for national security.…
Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks
Summary: The North Korea-linked APT group Lazarus is employing the ClickFix technique to deliver malware through fake job interviews targeting cryptocurrency developers. This campaign, identified as ClickFake Interview, continues Lazarus’s focus on exploiting the cryptocurrency sector to steal valuable assets. With a history of targeting software developers through various campaigns, they have successfully amassed significant amounts of cryptocurrency through deception and social engineering tactics.…