Tuesday, October 15, 2024

Israel NSO Group’s Updated Cyber Weapon Can Spy on Apple, Google, Facebook, Amazon, and Microsoft Cloud Server Data

An Israeli cybersecurity company known as NSO Group has developed spyware that can now spy on cloud data held on the servers of Apple, Google, Facebook, Amazon and Microsoft products, working through the latest iPhones and Android smartphones.

NSO Group developed the spyware, named Pegasus, which previously allowed WhatsApp to be hacked by exploiting the critical remote code execution vulnerability that resides in the WhatsApp VoIP stack.

Pegasus, also known as the flagship, is mobile spyware that has been used for almost a year by various spy agencies and governments to spy on data from targeted smartphones used by individuals.

NSO Group is very concerned about its spyware and secretly maintains its development of cyber weapons like Pegasus, which it sells only to governments to help prevent terrorist attacks and crimes. It is important to mention that the spy service costs millions of dollars.

The malware has now evolved with new capabilities to scrape sensitive data, such as the full history of a target’s location data and archived messages or photos, that is stored beyond the phone in the cloud.

The new technique implemented in the spyware copies the authentication keys of services such as Google Drive, Facebook Messenger, and iCloud from the infected phone.

Having access to a “cloud endpoint” means eavesdroppers can reach “far and above smartphone content”, allowing information about a target to “roll in” from multiple apps and services.

According to the Financial Times report, NSO denied promoting hacking or mass-surveillance tools for cloud services. However, it did not specifically deny that it had developed the capability described in the documents.

How It Works

The newly updated Pegasus spyware can infect any mobile device, including many of the latest Android and iPhone devices, and it also gains access to the cloud data uploaded from laptops, tablets, and phones.

Initially, the updated version of Pegasus infects the target phone and clones the login credentials from the phone onto the servers that are then used to log in and access the cloud data.

Later, it retrieves data, including location and messages, that the victim has uploaded to the cloud from all of their connected devices over the years.

The malware allows open-ended access to the cloud data of those apps without triggering additional security layers such as 2-step verification or a warning email on the target device.
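A copied authentication token used without a fresh login leaves one trace a defender can look for in cloud access logs: the token is presented by a device that never completed the login that issued it. The Python sketch below is an added example, not code from the article or from any vendor; the log schema, event names, fingerprints and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records, not real data:
# (epoch_seconds, token_id, event, network, device_fingerprint)
SAMPLE_LOG = [
    (1000, "tok-A", "login_2sv", "net-home", "dev-phone1"),
    (1100, "tok-A", "api_call", "net-home", "dev-phone1"),
    (1200, "tok-A", "api_call", "net-dc9", "dev-unknown"),
    (1300, "tok-A", "api_call", "net-home", "dev-phone1"),
    (1400, "tok-A", "api_call", "net-dc9", "dev-unknown"),
    # Same device roaming across networks: must not be flagged.
    (2000, "tok-B", "login_2sv", "net-home", "dev-phone2"),
    (2100, "tok-B", "api_call", "net-cell", "dev-phone2"),
    (2200, "tok-B", "api_call", "net-office", "dev-phone2"),
]


def find_copied_tokens(records):
    """Map token_id -> finding for tokens used by a device that never logged in."""
    by_token = defaultdict(list)
    for rec in sorted(records):
        by_token[rec[1]].append(rec)

    findings = {}
    for token, events in by_token.items():
        # Devices that completed an interactive login (with 2-step
        # verification) for this token. "login_2sv" is a hypothetical event name.
        enrolled = {dev for _, _, ev, _, dev in events if ev == "login_2sv"}
        foreign = [(ts, net, dev) for ts, _, ev, net, dev in events
                   if ev != "login_2sv" and dev not in enrolled]
        if not foreign:
            continue
        first_foreign = foreign[0][0]
        # If the enrolled device keeps using the token afterwards, the token
        # was copied rather than moved: two holders exist at the same time.
        concurrent = any(ts > first_foreign and dev in enrolled
                         for ts, _, _, _, dev in events)
        findings[token] = {
            "foreign_devices": sorted({dev for _, _, dev in foreign}),
            "foreign_networks": sorted({net for _, net, _ in foreign}),
            "first_foreign_use": first_foreign,
            "concurrent_with_owner": concurrent,
        }
    return findings


if __name__ == "__main__":
    for token, finding in find_copied_tokens(SAMPLE_LOG).items():
        print(token, finding)
```

A finding is a reason to revoke the token and force re-authentication, which invalidates any copy held elsewhere.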

“All the scraped data will eventually be used for surveillance operations, and the spyware will continue its surveillance even if Pegasus is removed from the initially targeted smartphone,” the Financial Times learned from sales pitch documents that NSO Group shared with its customer.

Amazon said it had found no evidence its corporate systems, including customer accounts, had been accessed by the software but said it would “continue to investigate and monitor the issue”.

Facebook said it was “reviewing these claims”. Microsoft said its technology was “continually evolving to provide the best protection to our customers” and urged users to “maintain a healthy device”, Financial Times reported.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
