A bug in phone spyware apps Cocospy and Spyic is exposing the phone data of approximately 2.65 million people. The bug also exposes the email addresses of the people who signed up. Now those email addresses are in Have I Been Pwned.
Russian state-sponsored hackers are actively exploiting the “linked devices” feature in Signal Messenger to conduct cyber-espionage campaigns. Groups like APT44 (Sandworm), UNC5792, UNC4221, and Turla target military personnel, politicians, and activists to compromise their secure communications. These actors abuse Signal’s feature to gain persistent access to accounts, using phishing tactics to trick users into linking their devices to attacker-controlled systems. Mandiant warns of the real-time spying risks associated with this activity, which primarily targets Ukrainian entities amidst Russia’s ongoing invasion.
Italian spyware vendor SIO has been caught distributing malicious Android applications that masquerade as popular apps like WhatsApp. Dubbed “Spyrtacus”, the spyware steals victims’ phone data and targets users in Italy. SIO claims to sell its products to government customers, law enforcement agencies, police, and intelligence agencies. The identity of victims remains unknown.
A zero-click spyware attack, attributed to Israeli firm Paragon, targeted around 90 WhatsApp users, including journalists and civil society members. This attack did not require any user interaction, making it very dangerous. The spyware was delivered via malicious PDFs sent through WhatsApp groups. This campaign shows how threat actors are constantly developing sophisticated zero-click techniques to compromise mobile devices, and it highlights the risk to journalists and activists. WhatsApp has taken steps to neutralize the attack and has notified all the victims.
Poland’s former justice minister, Zbigniew Ziobro, has been arrested in connection with the illegal use of NSO Group’s Pegasus spyware. He is accused of signing off on government funds to pay for the spyware, which was allegedly used to snoop on opposition leaders and supervise cases where the technology was deployed. The arrest follows a probe into the use of Pegasus spyware by the previous government.
Apple is notifying users who are likely targeted by government-sponsored spyware, but is redirecting them to third-party security labs instead of performing forensic analysis. This decision stems from their position that in-depth forensic analysis could inadvertently reveal spyware capabilities to the attackers. This approach is praised by security experts as it balances victim protection and security research.
Amnesty International has exposed Serbian police’s use of Cellebrite’s forensic tools to extract data from journalists’ and activists’ phones, followed by the installation of a new Android spyware called NoviSpy. The spyware is suspected to be linked to the Serbian intelligence services, highlighting the misuse of surveillance technology against civil society and journalists. This sophisticated attack vector showcases a dangerous trend of using Cellebrite’s device-unlocking technology to plant malware.
The development and deployment of two new Android spyware families, BoneSpy and PlainGnome, has been attributed to the Russian-aligned Gamaredon APT group. BoneSpy has been active since 2021, while PlainGnome appeared in 2024. These tools are used for surveillance and target former Soviet states, focusing on Russian-speaking victims. These sophisticated malware families collect sensitive data, including SMS messages, call logs, device location, and contact lists. PlainGnome acts as a dropper for the surveillance payload, while BoneSpy is deployed as a standalone application.
This cluster reports on findings by iVerify regarding the widespread use of Pegasus spyware. The research indicates a broader impact than previously known, affecting not just high-profile individuals but also ordinary users. This underscores the ongoing threat of sophisticated spyware and the need for robust mobile security.
The FSB, Russia’s Federal Security Service, allegedly used a trojanized application to monitor a Russian programmer accused of supporting Ukraine. This highlights the use of sophisticated surveillance techniques by state actors against individuals perceived as threats. The incident underscores the importance of digital security and privacy, especially in high-risk environments. The spyware was hidden in an app that the programmer downloaded.
Unsealed court documents reveal that the NSO Group, developers of the Pegasus spyware, cut off access for 10 government clients due to misuse of the software. The documents also detail the existence of three exploits targeting WhatsApp users and estimate that Pegasus was deployed on hundreds to tens of thousands of devices. This highlights ongoing concerns around state-sponsored surveillance and the abuse of powerful spyware technologies.