Tag: spyware
-
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The firstMuddyWatercampaign wasobservedin late 2017, when the APT group targeted entities in…
-
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX.Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool it…
-
Iranian Hackers Deploy New Android Spyware Version
New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-hackers-new-android-spyware/
-
Four new Android spyware samples linked to Iran’s intel agency
Persians added snooping capabilities to DCHSpy after Israeli bombs fell First seen on theregister.com Jump to article: www.theregister.com/2025/07/21/muddywaters_android_iran/
-
âš¡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More
Even in well-secured environments, attackers are getting in”, not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected.These attacks don’t depend on zero-days. They work by staying unnoticed”, slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Datacarry Ransomware DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal Batavia spyware steals data from Russian organizations Taking SHELLTER: a commercial evasion framework abused in- the- wild Open Source Malware Index Q2 2025: Data exfiltration remains…
-
Can an ‘ethical’ spyware maker justify providing its tech to ICE?
Analysis: In calling itself an ethical spyware vendor, Paragon has opened itself up to scrutiny of its government customers. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/11/can-an-ethical-spyware-maker-provide-its-tech-to-ice/
-
Spyware on Androids Soars
In general, malware aimed at Androids rose 151% in February and March but a whopping increase came with the 692% jump in SMS-based malware that occurred in April and May. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/spyware-on-androids-soars/
-
Former Mexican president investigated over allegedly taking bribes from spyware industry
The investigation comes in response to an account in the Israeli business publication TheMarker, which reported that the contracts included a deal to buy Pegasus, the powerful spyware manufactured by Israel-based NSO Group. First seen on therecord.media Jump to article: therecord.media/former-mexican-president-investigated-spyware-bribes
-
Spyware Campaign Hits Russian Industrial Firms
Phishing Emails Disguise Malware as Contract Files. A Russian cybersecurity company is warning that hackers are targeting Russia’s industrial sector using a previously undocumented spyware, reeling them in with contract-themed emails lures. Kaspersky dubbed the spyware Batavia. but doesn’t attribute the campaign to a threat actor. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spyware-campaign-hits-russian-industrial-firms-a-28928
-
Appeals court clears path for El Salvadoran journos to sue spyware maker
The court vacated the district court’s decision to dismiss the case against NSO Group, saying it abused its discretion in doing so. First seen on cyberscoop.com Jump to article: cyberscoop.com/appeals-court-clears-path-for-el-salvadoran-journos-to-sue-spyware-maker/
-
New spyware strain steals data from Russian industrial companies
Moscow-based cybersecurity firm Kaspersky said the campaign has already affected over 100 victims across several dozen Russian organizations, but did not disclose the specific targets. First seen on therecord.media Jump to article: therecord.media/spyware-strain-steals-data-russian-industrial-sector
-
Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia.The activity, per cybersecurity vendor Kaspersky, has been active since July 2024.”The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract,” the Russian company said. “The main goal…
-
New Batavia spyware targets Russian industrial enterprises
Since March 2025, fake contract emails have been spreading Batavia spyware in targeted attacks on Russian organizations. Since March 2025, a targeted phishing campaign against Russian organizations has used fake contract-themed emails to spread the Batavia spyware, a new malware designed to steal internal documents. The attack, ongoing since July 2024, begins with links to…
-
Malware Attacks on Android Devices Surge in Q2, Driven by Banking Trojans and Spyware
Dr.Web Security Space for mobile devices reported that malware activity on Android devices increased significantly in the second quarter of 2025. Adware trojans, particularly from the Android.HiddenAds family, remained the most prevalent threat, despite an 8.62% decrease in user encounters. These trojans often disguise themselves as harmless apps or hide within system directories, concealing their…
-
‘Batavia’ Windows spyware campaign targets dozens of Russian orgs
A previously undocumented spyware called ‘Batavia’ has been targeting large industrial enterprises in Russia in a phishing email campaign that uses contract-related lures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/batavia-windows-spyware-campaign-targets-dozens-of-russian-orgs/
-
Batavia Spyware Targets Employees via Weaponized Word Documents Delivering Malware Payloads
Batavia, an unidentified spyware, has been using a sophisticated phishing operation to target Russian industrial organizations since July 2024. Kaspersky researchers have identified a sharp rise in detections since early March 2025, with over 100 users across dozens of organizations falling prey to bait emails disguised as contract agreements. These emails, often containing file names…
-
Chrome Store Features Extension Poisoned With Sophisticated Spyware
A color picker for Google’s browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chrome-store-features-extension-poisoned-sophisticated-spyware
-
Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats
Dr.Web reports Android malware surge in Q2 with adware, banking trojans and crypto theft hidden in fake apps, firmware and spyware targeting users. First seen on hackread.com Jump to article: hackread.com/android-malware-adware-trojan-crypto-theft-q2-threats/
-
A flaw in Catwatchful spyware exposed logins of +62,000 users
A flaw in Catwatchful spyware exposed logins of 62,000 users, turning the spy tool into a data leak, security researcher Eric Daigle revealed. A flaw in the Catwatchful Android spyware exposed its full user database, leaking email addresses and plaintext passwords of both customers and its admin, TechCrunch first reported. Security researcher Eric Daigle first discovered…
-
A flaw in Catwatchful spyware exposed logins of +62,000 users
A flaw in Catwatchful spyware exposed logins of 62,000 users, turning the spy tool into a data leak, security researcher Eric Daigle revealed. A flaw in the Catwatchful Android spyware exposed its full user database, leaking email addresses and plaintext passwords of both customers and its admin, TechCrunch first reported. Security researcher Eric Daigle first discovered…
-
Catwatchful Android Spyware Leaks Credentials of 62,000+ Users
A major security lapse has exposed the credentials of over 62,000 users of Catwatchful, a full-featured Android spyware app that openly markets itself as a tool for covert surveillance. The breach, discovered by a security researcher, highlights the persistent risks posed by stalkerware and the dangers of storing sensitive user data without adequate safeguards. Catwatchful…
-
Smashing Security podcast #424: Surveillance, spyware, and self-driving snafus
A Mexican drug cartel spies on the FBI using traffic cameras and spyware, because “ubiquitous technical surveillance” is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly effect. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-424/
-
Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
The spyware operation’s exposed customer email addresses and passwords were shared with data breach notification service Have I Been Pwned. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/02/data-breach-reveals-catwatchful-stalkerware-spying-on-thousands-android-phones/
-
SparkKitty Spyware on App Store and Play Store, Steals Photos for Crypto Data
Kaspersky uncovers SparkKitty, new spyware in Apple App Store Google Play. Steals photos, targets crypto info, active since early 2024 via malicious apps. First seen on hackread.com Jump to article: hackread.com/sparkkitty-spyware-app-store-play-store-steals-photos-crypto/
-
New Paragon spyware attacks involve FreeType zero-day bug
First seen on scworld.com Jump to article: www.scworld.com/brief/new-paragon-spyware-attacks-involve-freetype-zero-day-bug
-
SparkKitty Targets iOS and Android Devices via App Store and Google Play Attacks
A sophisticated spyware campaign, dubbed SparkKitty, has emerged as a significant threat to both iOS and Android users, infiltrating even the official app stores like Google Play and the App Store. First detected in connection with the earlier SparkCat campaign from January 2025, which targeted crypto wallet seed phrases, SparkKitty has since evolved into a…
-
Android Spyware SpyNote Masquerading as Google Translate Found in Open Directories
Our team stumbled upon a disturbing array of SpyNote spyware samples lurking in open directories across the internet. These misconfigured digital repositories, often overlooked as mere storage spaces, have become unwitting hosts to dangerous malware targeting Android users. Uncovering Hidden Threats in Open Digital Repositories Disguised as legitimate applications like Google Translate, Temp Mail, and…
-
Paragon Commercial Spyware Infects Prominent Journalists
Tags: spywareAn unnamed customer of Paragon’s Graphite product used the commercial spyware to target at least two prominent European journalists in recent months. First seen on darkreading.com Jump to article: www.darkreading.com/data-privacy/paragon-commercial-spyware-prominent-journalists
-
DeerStealer Malware Deployed Through Exploitation of Windows Run Prompt by Threat Actors
The eSentire’s Threat Response Unit (TRU) has uncovered a series of malicious campaigns throughout May 2025, where threat actors have been deploying the DeerStealer malware, also known as XFiles Spyware, using the HijackLoader malware loader. This sophisticated information stealer, peddled on dark-web forums by a user named “LuciferXfiles,” is designed to harvest a wide array…