Microsoft, Google, Citizen Lab Blow lid Off Zero-day Exploiting Spyware Sold to Governments

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://www.theregister.com/2021/07/16/microsoft_candiru_malware/
On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum. It is understood the spyware, code-named DevilsTongue by Microsoft, exploited at least a pair of zero-day holes in Windows to infect particular targets' machines.

Redmond said at least 100 people – from politicians, human rights activists, and journalists, to academics, embassy workers and political dissidents – have had their systems infiltrated by Sourgum's code; about half are in Palestine, and the rest dotted around Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia, and Singapore.Once it has comprehensively compromised a Windows PC, DevilsTongue can exfiltrate the victim's files, obtain their login credentials for online and network accounts, snoop on chat messages, and more. Candiru also touts spyware that can infect and monitor iPhones, Android devices, and Macs, as well as Windows PCs, it is claimed. The products are said to be on sale to government agencies and other organizations, which then use the espionage software against their chosen targets.
Click to expand...
"This case demonstrates, yet again, that in the absence of any international safeguards or strong government export controls, spyware vendors will sell to government clients who will routinely abuse their services." We're told that at least 764 domain names were found that were likely used in some way to push Candiru's malware to victims: websites using these domains typically masqueraded as legit sites belonging to Amnesty International and refugee organizations, the United Nations, government websites, news outlets, and Black Lives Matter communities.
Click to expand...
www.theregister.com

Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments

100+ dissidents, politicians, journos targeted by Israeli espionage toolkit
www.theregister.com www.theregister.com
 
  • +Reputation
  • Like
  • Thanks
Reactions: [correlate], Andy Ful, silversurfer and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,166
A similar Microsoft article in relation to the Defender protection:
https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/post-951150

Here are other interesting articles from Citizen Lab about the spyware and stalkerware application Industry:
https://citizenlab.ca/docs/stalkerware-holistic.pdf
https://citizenlab.ca/2019/06/the-dangerous-effects-of-unregulated-commercial-spyware/

A similar article about exploiting weaknesses in the global mobile phone systems to spy people:
https://citizenlab.ca/2020/12/runni...g-the-clients-of-cyberespionage-firm-circles/

These dangerous exploits and tools can be also reused by (cyber) criminal groups like in the case of NSA exploits.
Not a good scenario.:(
 
Last edited:
  • Like
  • +Reputation
Reactions: Venustus, [correlate], ForgottenSeer 85179 and 1 other person
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
Debunking Runa Sandvik — CatalanGate Spyware
Replies
0
Views
1,019
News Archive
[correlate]
[correlate]
silversurfer
    • +Reputation
    • Like
Security News Google Links Over 60 Zero-Days to Commercial Spyware Vendors
Replies
1
Views
1,853
Security News
vtqhtr413
vtqhtr413
K
    • Like
    • Thanks
    • HaHa
Security News Poland launches Pegasus spyware probe
Replies
3
Views
2,892
Security News
TairikuOkami
TairikuOkami

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top