Friday, March 29, 2024

Israel's NSO Group's Updated Cyber Weapon Can Spy on Apple, Google, Facebook, Amazon, and Microsoft Cloud Server Data

Spyware developed by the Israeli cybersecurity company NSO Group can now spy on cloud data held on the servers of Apple, Google, Facebook, Amazon and Microsoft products, working through the latest iPhones and Android smartphones.

NSO Group developed the spyware named Pegasus, which was previously used to hack WhatsApp by exploiting a critical remote code execution vulnerability in the WhatsApp VOIP stack.

Pegasus, also known as the company's flagship mobile spyware, has been used for almost a year by various spy agencies and governments to collect data from targeted smartphones used by individuals.

NSO Group is very protective of its spyware and secretly maintains its development of cyber weapons like Pegasus, which is sold only to governments to help prevent terrorist attacks and crimes. It is important to mention that the spy service costs millions of dollars.

Now the malware has evolved with new capabilities to scrape sensitive data that is stored beyond the phone in the cloud, such as the full history of a target's location data, archived messages or photos.

The new technique implemented in the spyware copies the authentication keys of services such as Google Drive, Facebook Messenger, and iCloud from the infected phone.

Having access to a “cloud endpoint” means eavesdroppers can reach “far and above smartphone content”, allowing information about a target to “roll in” from multiple apps and services.

According to the Financial Times report, NSO denied promoting hacking or mass-surveillance tools for cloud services. However, it did not specifically deny that it had developed the capability described in the documents.

How It Works

The newly updated Pegasus spyware can infect any mobile device, including many of the latest Android and iPhone devices, and it also gains access to cloud data that was uploaded from laptops, tablets, and phones.

Initially, the updated version of Pegasus infects the target phone and clones the login credentials from the phone onto servers that are then used to log in and access the cloud data.

Later, it retrieves data, including location and messages, that the infected victim has uploaded to the cloud from all of their connected devices over the years.

The malware allows for open-ended access to the cloud data of those apps, without triggering additional security layers such as 2-step verification or a warning email on the target device.

“All the scraped data will eventually be used for surveillance operations, and the spyware will continue its surveillance even if Pegasus is removed from the initially targeted smartphone,” the Financial Times learned from sales pitch documents that NSO Group shared with its customer.

Amazon said it had found no evidence its corporate systems, including customer accounts, had been accessed by the software but said it would “continue to investigate and monitor the issue”.

Facebook said it was “reviewing these claims”. Microsoft said its technology was “continually evolving to provide the best protection to our customers” and urged users to “maintain a healthy device”, Financial Times reported.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
