Security News Google Links Over 60 Zero-Days to Commercial Spyware Vendors

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,123
More than 60 of the Apple, Adobe, Google, Microsoft, and Mozilla product zero-day vulnerabilities that have come to light since 2016 have been attributed to commercial spyware vendors, Google said in a new report published on Tuesday.

The tech giant’s report provides insights into the operations of companies that help governments install spyware on devices. While these commercial spyware vendors claim that their products and services are only used for lawful surveillance, typically for law enforcement purposes, numerous investigations have shown that oppressive regimes are using them to target political opponents, journalists, dissidents, and human rights defenders.
Google’s Threat Analysis Group (TAG) currently tracks roughly 40 commercial spyware vendors that develop and sell exploits and malware to governments.

In its latest report, Google names 11 of these vendors, including Candiru, Cy4Gate, DSIRF, Intellexa, Negg, NSO Group, PARS Defense, QuaDream, RCS Lab, Variston, and Wintego Systems.
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,480
Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry.

The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices.

"Their various malware included capabilities to collect and access device information, location, photos and media, contacts, calendar, email, SMS, social media, and messaging apps, and enable microphone,camera, and screenshot functionality," the company said.

The eight companies are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries.

These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, Reddit, Google, LinkedIn, Quora, Tumblr, VK, Flickr, TikTok, SnapChat, Gettr, Viber, Twitch and Telegram.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top