[mc4wp_form id=”2320″]
Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices
Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms base in Italy, Spain, and the United Arab Emirates (UAE) operating in the surveillance-for-hire industry.
The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices.
“Their various malware included capabilities to collect and access device information, location, photos and media, contacts, calendar, email, SMS, social media, and messaging apps, and enable microphone, camera, and screenshot functionality,” the company said.
The eight companies are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries.
These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, Reddit, Google, LinkedIn, Quora, Tumblr, VK, Flickr, TikTok, SnapChat, Gettr, Viber, Twitch, and Telegram.
A network from RCS Labs, which is owned by Cy4Gate, tricked users into providing their phone numbers and email addresses. Another set of now-removed Facebook and Instagram accounts associated with Spanish spyware vendor Variston IT was employed for exploit development and testing, including the sharing of malicious links.
Last week, reports emerged that the company is shutting down its operations.
Meta also said it identified accounts used by Negg Group to test the delivery of its spyware, as well as by Mollitiam Industries, a Spanish firm that advertises a data collection service and spyware targeting Windows, macOS, and Android, to scrape public information.
Elsewhere, the social media giant actioned on networks from China, Myanmar, and Ukraine exhibiting coordinated inauthentic behavior (CIB) by removing over 2,000 accounts, Pages, and Groups from Facebook and Instagram.
While the Chinese cluster targeted U.S. audiences with content related to criticism of U.S. foreign policy towards Taiwan and Israel and its support of Ukraine, the network originating from Myanmar targeted its own residents with original articles that praised the Burmese army and disparaged the ethnic armed organizations and minority groups.
The third cluster is notable for its use of fake Pages and Groups to post content that supported Ukrainian politician Viktor Razvadovskyi, while also sharing “supportive commentary about the current government and critical commentary about the opposition” in Kazakhstan.
The development comes as a coalition of government and tech companies, counting Meta, have signed an agreement to curb the abuse of commercial spyware to commit human rights abuses.
As countermeasures, the company has introduced new features like enabled Control Flow Integrity (CFI) on Messenger for Android and VoIP memory isolation for WhatsApp in an effort to make exploitation harder and reduce the overall attack surface.
That said, the surveillance industry continues to thrive in myriad, unexpected forms. Last month, 404 Media — building off prior research from the Irish Council for Civil Liberties (ICCL) in November 2023 — unmasked a surveillance tool called Patternz that leverages real-time bidding (RTB) advertising data gathered from popular apps like 9gag, Truecaller, and Kik to track mobile devices.
“Patternz allows national security agencies utilize real-time and historical user advertising generated data to detect, monitor and predict users actions, security threats and anomalies based on users’ behavior, location patterns and mobile usage characteristics, ISA, the Israeli company behind the product claimed on its website.
Then last week, Enea took the wraps off a previously unknown mobile network attack known as MMS Fingerprint that’s alleged to have been utilized by Pegasus-maker NSO Group. Details about the technique were included in a 2015 contract between the Israeli company and the telecom regulator of Ghana.
While the exact method used remains something of a mystery, the Swedish telecom security firm suspects it likely involves the use of MM1_notification.REQ, a special type of SMS message called a binary SMS that notifies the recipient device of an MMS that’s waiting for retrieval from the Multimedia Messaging Service Center (MMSC).
The MMS is then fetched by means of MM1_retrieve.REQ and MM1_retrieve.RES, with the former being an HTTP GET request to the URL address contained in the MM1_notification.REQ message.
What’s notable about this approach is that user device information such as User-Agent (different from a web browser User-Agent string) and x-wap-profile is embedded in the GET request, thereby acting as a fingerprint of sorts.
“The (MMS) User-Agent is a string that typically identifies the OS and device,” Enea said. “x-wap-profile points to a UAProf (User Agent Profile) file that describes the capabilities of a mobile handset.”
A threat actor looking to deploy spyware could use this information to exploit specific vulnerabilities, tailor their malicious payloads to the target device, or even craft more effective phishing campaigns. That said, there is no evidence that this security hole has been exploited in the wild in recent months.
Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices
I don’t know if it’s just me or iff perhaps
everyone else encountering problems with your blog.
It appears as if some of the written text on your posts
are running off the screen. Can someone else please provide feedback and let me know if
this is happening to them too? This could be a issue with my browser because I’ve had thiss
happen previously. Thanks https://odessaforum.biz.ua/
I don’t know if it’s just me orr if perhaps everyone else encountering prfoblems
with your blog. It appears as if some of the written text on your posts are running off the screen. Can sojeone else please provvide
feedback and let me know iff this is happening to them too?
This could be a issue with my browser because I’ve had this happen previously.
Thanks https://odessaforum.biz.ua/
Be it alone or with your partner. Share all your secret thoughts with me. Dirty fantasies natural cam girls are welcome with me! Here you get uninhibited dirty talk from me, dirty and secret dreams are lived and come true. I show you horny and want to see it from you! I look forward to seeing you on cam!