Forwarded from Pegasus NSO & other spyware
LianSpy: Android spyware leveraging Yandex Disk as C2 | Securelist –
@androidMalware
#Russia #Android #LianSpy #Spyware
In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists.
The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.@androidMalware
#Russia #Android #LianSpy #Spyware
#NSO – not government clients – operates its #spyware, legal documents reveal.
Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker – and not its government customers – is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.
https://www.theguardian.com/technology/2024/nov/14/nso-pegasus-spyware-whatsapp
#pegasus
Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker – and not its government customers – is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.
https://www.theguardian.com/technology/2024/nov/14/nso-pegasus-spyware-whatsapp
#pegasus
the Guardian
NSO – not government clients – operates its spyware, legal documents reveal
Details of emerge in sworn depositions by employees of Israeli company as part of lawsuit brought by WhatsApp