Meta Platforms says it has taken a series of measures to curb the malicious activities of eight companies based in Italy, Spain and the United Arab Emirates (UAE) that operate in the surveillance-for-hire industry.
The findings are part of its Adversarial Threat Report for the fourth quarter of 2023; the spyware in question targeted iOS, Android and Windows devices.
What Meta tells us about these 8 spyware tools targeting Windows, Android and iOS devices
“Their various malware included features to collect and access device information, location, photos and media, contacts, calendar, email, SMS, social media and messaging apps, and enable microphone, camera and screenshot features,” Meta said.
The eight responsible companies according to Meta are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group and Mollitiam Industries.
These companies, according to Meta, also engaged in scraping, social engineering and phishing activities that targeted a wide range of platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, Reddit, Google, LinkedIn, Quora, Tumblr, VK, Flickr, TikTok, SnapChat, Gettr, Viber, Twitch and Telegram.
In particular, a network of fake identities linked to RCS Labs, which is owned by Cy4Gate, is accused of tricking users into handing over their phone numbers and email addresses, and into clicking on bogus links used for reconnaissance.
Another set of now-removed Facebook and Instagram accounts associated with the Spanish spyware vendor Variston IT was used to develop and test exploits, including by sharing malicious links; news emerged last week that the company is shutting down its operations.
Meta also said it had identified accounts used by Negg Group to test the distribution of its spyware, as well as accounts belonging to Mollitiam Industries, a Spanish company that advertises a data-collection and spyware service targeting Windows, macOS and Android, which were used to collect public information.
Additionally, the social media giant acted on networks from China, Myanmar and Ukraine that exhibited coordinated inauthentic behavior (CIB), removing over 2,000 accounts, pages and groups from Facebook and Instagram.
While the China cluster has targeted US audiences with content related to criticism of US foreign policy towards Taiwan and Israel and its support for Ukraine, the network originating from Myanmar targeted its residents with original articles praising the Burmese military and denigrating ethnic armed organizations and minority groups.
The third cluster is known for using fake pages and groups to publish content in support of Ukrainian politician Viktor Razvadovskyi, while also sharing “supportive comments about the current government and critical comments about the opposition” in Kazakhstan.
These developments come as a coalition of governments and tech companies, including Meta, has signed an agreement to limit the abuse of commercial spy software to commit human rights abuses.
As countermeasures, the company has introduced new features such as Control Flow Integrity (CFI) enabled on Messenger for Android and VoIP memory isolation for WhatsApp in an effort to make exploitation more difficult and reduce the overall attack surface.
That said, the surveillance industry continues to thrive in many, sometimes unexpected, forms. Last month 404 Media, building on research published by the Irish Council for Civil Liberties (ICCL) in November 2023, revealed a surveillance tool called Patternz that uses real-time bidding (RTB) advertising data collected from popular apps such as 9gag, Truecaller and Kik to track mobile devices.
“Patternz enables national security agencies to use real-time and historical generated advertising data to detect, monitor and predict user actions, security threats, and anomalies based on user behavior, location patterns, and mobile usage characteristics,” ISA, the Israeli company behind the product, states on its website.
Last week, Enea revealed a previously unknown mobile network attack called MMS Fingerprint, reportedly used by Pegasus maker NSO Group. The information appeared in a 2015 contract between the company and Ghana's telecommunications regulator.
While the exact method remains somewhat of a mystery, the Swedish telecom security company suspects that it likely involves MM1_notification.REQ, a special type of SMS known as a binary SMS that alerts the recipient device that an MMS is waiting to be retrieved from the Multimedia Messaging Service Center (MMSC).
The MMS is then retrieved using MM1_retrieve.REQ and MM1_retrieve.RES, the first of which is an HTTP GET request to the URL contained in the MM1_notification.REQ message.
What is notable about this approach is that the device's User-Agent (distinct from a web browser's User-Agent string) and x-wap-profile headers are embedded in that GET request, so together they act as a sort of fingerprint.
“The User-Agent (MMS) is a string that typically identifies the operating system and device,” Enea said. “x-wap-profile indicates a UAProf (User Agent Profile) file that describes the capabilities of a mobile phone.”
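To make the retrieval exchange described above concrete from an operator's or defender's side, the following added example (not code from the article, Enea or any vendor) models the two steps: it parses the HTTP GET that makes up MM1_retrieve.REQ and extracts the two fingerprint headers, and it checks whether a notification's retrieval URL actually points at the operator's own MMSC, since a notification pointing elsewhere is what would cause the handset to send its fingerprint to a third party. The notifications are assumed to be already decoded from their binary WSP form into header/value pairs; the host names, transaction IDs, URLs and User-Agent values are all constructed sample data.

```python
"""Defender-side view of the MMS retrieval step (illustrative, constructed data).

Assumptions not taken from the article: MM1_notification.REQ has already been
decoded into header/value pairs, and the operator's legitimate MMSC host names
are known. Everything below is sample data, not real infrastructure.
"""
from urllib.parse import urlparse

# Constructed: the operator's legitimate MMSC host(s).
TRUSTED_MMSC_HOSTS = {"mmsc.operator.example"}

# Constructed: two decoded notifications. X-Mms-Content-Location carries the
# URL the handset will fetch with an HTTP GET (MM1_retrieve.REQ).
NOTIFICATIONS = [
    {"X-Mms-Message-Type": "m-notification-ind",
     "X-Mms-Transaction-ID": "t1",
     "X-Mms-Content-Location": "http://mmsc.operator.example/mms/abc123"},
    {"X-Mms-Message-Type": "m-notification-ind",
     "X-Mms-Transaction-ID": "t2",
     # Constructed: points outside the operator network (RFC 5737 test address).
     "X-Mms-Content-Location": "http://198.51.100.7/x/abc123"},
]

# Constructed: the MM1_retrieve.REQ a handset would send for the first notification.
RETRIEVE_REQ = (
    "GET /mms/abc123 HTTP/1.1\r\n"
    "Host: mmsc.operator.example\r\n"
    "User-Agent: ExamplePhone-X1/1.0 Android/13 MMS/1.3\r\n"
    "x-wap-profile: http://uaprof.example/x1.xml\r\n"
    "Accept: application/vnd.wap.mms-message\r\n"
    "\r\n"
)


def parse_http_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, headers).

    Header names are lower-cased so lookups do not depend on the handset's
    capitalisation (x-wap-profile vs X-WAP-Profile).
    """
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def fingerprint_from_request(raw):
    """Return the two headers that act as the device fingerprint (None when absent)."""
    _method, _path, headers = parse_http_request(raw)
    return {"user_agent": headers.get("user-agent"),
            "uaprof": headers.get("x-wap-profile")}


def content_location_is_trusted(notification, trusted_hosts=TRUSTED_MMSC_HOSTS):
    """True when the notification's retrieval URL points at an operator MMSC host."""
    url = notification.get("X-Mms-Content-Location", "")
    host = urlparse(url).hostname
    return host is not None and host.lower() in trusted_hosts


def triage_notifications(notifications):
    """Transaction IDs of notifications whose retrieval URL is not an operator MMSC.

    These are the messages that would make a handset hand its User-Agent and
    x-wap-profile to whoever controls that URL.
    """
    return [n["X-Mms-Transaction-ID"] for n in notifications
            if not content_location_is_trusted(n)]


if __name__ == "__main__":
    print("fingerprint headers:", fingerprint_from_request(RETRIEVE_REQ))
    print("untrusted content locations:", triage_notifications(NOTIFICATIONS))
```

The check on X-Mms-Content-Location is the part a carrier can act on: the handset's headers are emitted by the OS and cannot be suppressed by the user, so filtering notifications whose retrieval URL leaves the operator's MMSC is the practical control point.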
A threat actor looking to deliver spyware could use this information to exploit device-specific vulnerabilities, tailor malicious payloads to the target device, or craft more convincing phishing campaigns. However, there is no evidence that this weakness has been exploited in the wild in recent months.