In a significant move towards safeguarding users’ privacy and security, Meta Platforms has unveiled findings on eight spyware firms operating in Italy, Spain, and the United Arab Emirates (U.A.E.). These firms have been involved in surveillance-for-hire activities, posing threats to devices running iOS, Android, and Windows.
The revelation comes as part of Meta’s latest Adversarial Threat Report for the fourth quarter of 2023. The spyware deployed by these companies exhibited alarming capabilities, including the unauthorized collection of sensitive data such as device information, location, media files, contacts, emails, messages, and access to camera and microphone functionalities.
Among the identified companies are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries. These entities have not only engaged in deploying spyware but also resorted to scraping, social engineering, and phishing tactics across various platforms including Facebook, Instagram, Twitter (now known as X), YouTube, and many others.
For instance, Cy4Gate’s subsidiary RCS Labs reportedly utilized fictitious personas to deceive users into disclosing personal information, while Variston IT was found utilizing fake accounts on Facebook and Instagram for exploit development and testing purposes. Interestingly, Variston IT recently announced the cessation of its operations, possibly in response to these revelations.
Meta also highlighted the testing activities conducted by Negg Group and Mollitiam Industries, shedding light on their attempts to refine spyware delivery mechanisms and data scraping techniques. Additionally, Meta took action against coordinated inauthentic behavior exhibited by networks originating from China, Myanmar, and Ukraine, removing over 2,000 accounts, Pages, and Groups from its platforms.
The Chinese network focused on disseminating content critical of U.S. foreign policies, while the Myanmar-based network propagated articles favoring the Burmese military. Moreover, a network from Ukraine was found promoting a particular political figure while simultaneously criticizing the opposition in Kazakhstan.
In response to these threats, Meta has introduced enhanced security features such as Control Flow Integrity (CFI) on Messenger for Android and VoIP memory isolation for WhatsApp. These measures aim to fortify the platforms against potential exploitation and reduce the overall attack surface.
Despite these efforts, the surveillance industry continues to evolve, as demonstrated by recent discoveries such as Patternz and the MMS Fingerprint attack. Patternz, discovered by 404 Media, leverages real-time bidding (RTB) advertising data from popular apps to track mobile devices, posing a significant privacy concern.
Similarly, Enea unveiled the MMS Fingerprint attack allegedly utilized by the NSO Group, the makers of Pegasus spyware. This attack exploits vulnerabilities in the Multimedia Messaging Service (MMS) protocol to fingerprint user devices, potentially aiding in targeted surveillance activities.
While there is no evidence of these vulnerabilities being exploited in recent months, they underscore the ongoing challenges in maintaining digital security and privacy. As such, continued vigilance and innovation are essential to stay ahead of emerging threats in the ever-evolving landscape of cybersecurity.