The Verge: Google says attackers worked with ISPs to deploy Hermit spyware on Android and iOS

The Verge: Google says attackers worked with ISPs to deploy Hermit spyware on Android and iOS. “A sophisticated spyware campaign is getting the help of internet service providers (ISPs) to trick users into downloading malicious apps, according to research published by Google’s Threat Analysis Group (TAG) (via TechCrunch). This corroborates earlier findings from security research group Lookout, which has linked the spyware, dubbed Hermit, to Italian spyware vendor RCS Labs.”

WIRED: Spyware Vendors Target Android With Zero-Day Exploits

WIRED: Spyware Vendors Target Android With Zero-Day Exploits. “NSO GROUP AND its powerful Pegasus malware have dominated the debate over commercial spyware vendors who sell their hacking tools to governments, but researchers and tech companies are increasingly sounding the alarm about activity in the wider surveillance-for-hire industry. As part of this effort, Google’s Threat Analysis Group is publishing details on Thursday of three campaigns that used the popular Predator spyware, developed by the North Macedonian firm Cytrox, to target Android users.”

Google: A Spyware Company Exploited 5 Chrome, Android Zero-Days in 2021 (PC Magazine)

PC Magazine: Google: A Spyware Company Exploited 5 Chrome, Android Zero-Days in 2021. “One spyware company exploited at least five zero-day vulnerabilities—four in the Chrome browser and one in the Android operating system—throughout 2021, according to Google. The company’s Threat Analysis Group (TAG) says the spyware maker in question is a North Macedonian firm known as Cytrox.”

Spain: 2021 spyware attack targeted prime minister’s phone (Associated Press)

Associated Press: Spain: 2021 spyware attack targeted prime minister’s phone. “The cellphones of Spain’s prime minister and defense minister were infected last year with Pegasus spyware, which is available only to countries’ government agencies, authorities announced Monday. Prime Minister Pedro Sánchez’s mobile phone was breached twice in May 2021, and Defense Minister Margarita Robles’ device was targeted once the following month, Cabinet Minister Félix Bolaños said.”

The New Yorker: How Democracies Spy on Their Citizens

The New Yorker: How Democracies Spy on Their Citizens. “Commercial spyware has grown into an industry estimated to be worth twelve billion dollars. It is largely unregulated and increasingly controversial. In recent years, investigations by the Citizen Lab and Amnesty International have revealed the presence of Pegasus on the phones of politicians, activists, and dissidents under repressive regimes. An analysis by Forensic Architecture, a research group at the University of London, has linked Pegasus to three hundred acts of physical violence.”

CTech: No one was immune: Israel Police Pegasus surveillance list revealed

CTech: No one was immune: Israel Police Pegasus surveillance list revealed. “Calcalist can reveal for the first time a list of dozens of citizens who were targeted by Israel Police, having their phones hacked by NSO spyware and their personal information swiped and filed away. The surveillance was conducted to phish for intelligence even before any investigation had been opened against the targets, and without judicial warrants. Israel Police said in response that its people are ‘cooperating with the Attorney General of Israel’s examination team.’”

CTech: Israeli police used NSO’s Pegasus to spy on local mayors, their relatives

CTech: Israeli police used NSO’s Pegasus to spy on local mayors, their relatives. “After last week’s multi-part exposé detailed how police’s SIGINT unit had been allegedly employing the controversial Pegasus malware to spy on civilians, Calcalist is revealing that law enforcement tapped the phones of at least three mayors and heads of local councils for the purposes of ‘phishing’ – all under the guise of intelligence activities.”

CTech: Israel police uses NSO’s Pegasus to spy on citizens

CTech: Israel police uses NSO’s Pegasus to spy on citizens. “Israel police uses NSO’s Pegasus spyware to remotely hack phones of Israeli citizens, control them and extract information from them, Calcalist has revealed. Among those who had their phones broken into by police are mayors, leaders of political protests against former Prime Minister Benjamin Netanyahu, former governmental employees, and a person close to a senior politician. Calcalist learned that the hacking wasn’t done under court supervision, and police didn’t request a search or bugging warrant to conduct the surveillance.”

Reuters: Apple warns Thai activists “state-sponsored attackers” may have targeted iPhones

Reuters: Apple warns Thai activists “state-sponsored attackers” may have targeted iPhones. “Apple Inc issued on Wednesday alert messages to at least six Thai activists and researchers who have been critical of the government, warning it believed their iPhones had been targeted by ‘state-sponsored attackers’, according to activists and the alerts reviewed by Reuters.”

US cuts off Pegasus developer: What you need to know about this spyware (CNET)

CNET: US cuts off Pegasus developer: What you need to know about this spyware. “Pegasus has been a politically explosive issue that’s put Israel under pressure from activists and from governments worried about misuse of the software. France and the US earlier raised concerns, and NSO has suspended some countries’ Pegasus privileges. On Wednesday, the US federal government took much stronger action, blocking sale of US technology to NSO by putting the company on the government’s Entity List.”