Spyware developed and sold by a UK-based company has been used to snoop on dissidents in autocratic regimes, according to two security researchers.
The software, legitimately produced and sold by British firm Gamma International, has somehow managed to find its way into the hands of some of the most repressive governments in the world.
According to Google security researcher Morgan Marquis-Boire and Berkeley student Bill Marczak, the spyware was found in email attachments sent to several activists in Bahrain.
Their investigation found the spyware infected not just PCs but a range of devices running popular mobile operating systems, such as iOS, Android, RIM, Symbian, and Windows Phone 7.
The spyware boasts capabilities such as live surveillance via "silent calls" and location tracking. It also has the ability to track all forms of communication, including emails and voice calls as well as cameras and microphones.
A study carried out by University of Toronto Munk School of Global Affairs' Citizen Lab found an application that purports to be FinSpy, a piece of commercial spyware sold to countries for criminal investigations.
Gamma Group, the German parent of UK-based Gamma International, developed FinSpy. Gamma's managing director Martin Muench told Bloomberg that the company had no involvement whatsoever in selling the software to despotic regimes.
"We don't normally discuss our clients but given this unique situation it's only fair to say that Gamma has never sold their products to Bahrain," said Muench.
"It is unlikely that it was an installed system used by one of our clients but rather that a copy of an old FinSpy demo version was made during a presentation and that this copy was modified and then used elsewhere."
Muench said his company could not confirm that software analysed by Citizen Lab was Gamma's product. He added that a modification would have been made to the software as "no message sent to our server when the demo product was used against a real target."
Marquis-Boire and Marczak told the New York Times that they found a connection to Gamma in these code samples. The spyware running on Symbian phones uses a certificate issued to Cyan Engineering, a website registered in the name of Johnny Geds.
Muench confirmed that Gamma employs someone of that name in sales but declined to make further comment.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Greek intelligence allegedly uses Predator spyware to wiretap Facebook security stafferNews The employee’s device was infected through a link pretending to confirm a vaccination appointment
-
North Korean-linked Gmail spyware 'SHARPEXT' harvesting sensitive email contentNews The insidious software exfiltrates all mail and attachments, researchers warn, putting sensitive documents at risk
-
Young hacker faces 20-year prison sentence for creating prolific Imminent Monitor RATNews He created the RAT when he was aged just 15 and is estimated to have netted around $400,000 from the sale of it over six years
-
European company unmasked as cyber mercenary group with ties to RussiaNews The company that's similar to NSO Group has been active since 2016 and has used different zero-days in Windows and Adobe products to infect victims with powerful, evasive spyware
-
Mysterious MacOS spyware discovered using public cloud storage as its control serverNews Researchers have warned that little is known about the 'CloudMensis' malware, including how it is distributed and who is behind it
-
Apple launching Lockdown Mode with iOS 16 to guard against Pegasus-style spywareNews Apple breaks its bug bounty record with $2 million top prize, alongside $10 million grant funding, as it launches industry-first protections for highly targeted individuals
-
El Salvador becomes latest target of Pegasus spywareNews The list of nations with access to Pegasus is growing, with evidence pointing to potential links between 35 confirmed Pegasus cases and the Salvadoran government
-
Egyptian exiles targeted with Predator spyware resembling NSO Group's PegasusNews A high-profile politician and journalist have been targeted with spyware likely spread using WhatsApp messages
