- Jul 27, 2015
On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum. It is understood the spyware, code-named DevilsTongue by Microsoft, exploited at least a pair of zero-day holes in Windows to infect particular targets' machines.
Redmond said at least 100 people – from politicians, human rights activists, and journalists, to academics, embassy workers and political dissidents – have had their systems infiltrated by Sourgum's code; about half are in Palestine, and the rest dotted around Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia, and Singapore.Once it has comprehensively compromised a Windows PC, DevilsTongue can exfiltrate the victim's files, obtain their login credentials for online and network accounts, snoop on chat messages, and more. Candiru also touts spyware that can infect and monitor iPhones, Android devices, and Macs, as well as Windows PCs, it is claimed. The products are said to be on sale to government agencies and other organizations, which then use the espionage software against their chosen targets.
"This case demonstrates, yet again, that in the absence of any international safeguards or strong government export controls, spyware vendors will sell to government clients who will routinely abuse their services." We're told that at least 764 domain names were found that were likely used in some way to push Candiru's malware to victims: websites using these domains typically masqueraded as legit sites belonging to Amnesty International and refugee organizations, the United Nations, government websites, news outlets, and Black Lives Matter communities.