2023/03/28 17:43:41

Stalker Software (spyware)


Stalker software is a commercial program that can be used for covert surveillance and intrusion into a person's private life. Such programs are sold mainly through specialized sites, as official app stores try to keep them off their platforms.

Stalker programs make it possible to view photos and files stored on the user's device, watch a person through the smartphone camera in real time, see the calendar and contact list, determine location, read browser history, SMS and instant messenger correspondence, and record conversations. Some applications also allow the device to be monitored remotely.

Malware (malware)

Main article: Malware (malware)

2023: U.S. president signs executive order barring authorities from using spyware

On March 27, 2023, U.S. President Biden signed a decree prohibiting the authorities from using commercial spyware that poses a threat to national security.

The White House publication says that cyber espionage tools are becoming more widespread. They are used for unauthorized "remote access to electronic devices, extract their contents and manipulate components without the knowledge or consent of users." In addition, such software is alleged to facilitate human rights violations: it is used, among other things, to intimidate political opponents, restrict freedom of expression, and monitor and persecute activists and journalists.

Commercial spyware condones human rights abuses, White House says
"The proliferation of commercial spyware poses clear and worsening threats to US security, including risks to government employees and their families," the White House said in a statement.

The document also emphasizes that the abuse of these cyber surveillance tools "is not limited to authoritarian regimes." Democratic governments also face evidence that certain individuals within government agencies use commercial spyware to track citizens "without proper legal permission and control."

The signed decree applies to departments and agencies of the US federal government, including those engaged in law enforcement, defense or intelligence activities. The document, as noted, will serve as the basis for deepening international cooperation with the aim of responsible use of tracking technologies. The decree is designed to stop the misuse of spyware and stimulate industry reforms.[1]

2022

Russians faced a spy virus spread through Telegram

In December 2022, it became known that Russian users had encountered the TgRAT spy virus, which is spread through Telegram. According to Positive Technologies, the malware uses the Telegram infrastructure as its control channel and can take screenshots, download files to the attacked node, and upload data from the node to the control server.

European Parliament: EU authorities used spyware to cover up corruption and other crimes

In November 2022, the European Parliament issued a report stating that European Union governments used "spyware against their citizens for political purposes and to conceal corruption and criminal activity."

According to MEP Sophie in 't Veld, one of the authors of the report, spyware is "deeply rooted in Europe" and is not controlled in any way. She noted that absolutely all EU countries use spyware, most often Hungary, Greece, Spain and Cyprus.

The European Parliament has released a report stating that EU governments used spyware against their citizens for political purposes and to hide corruption and criminal activity

"This is a direct threat to European democracy... This leads to the jamming of critical opposition votes, the freezing of civil society, the manipulation of elections. At the same time, those responsible for this are sitting in the European Council," the deputy said.

She said that each EU country has its own role. Cyprus and Bulgaria are export centers, Luxembourg is the zone where software sellers conduct their financial business, Ireland provides preferential tax conditions, and Malta with its "golden passports" is a comfortable home for the bosses of this business. Italy, France and Austria are the sites of software development and production, the Czech Republic annually holds international spy software fairs, and Germany, Belgium and the Netherlands have admitted to varying degrees that their police officers use this software.

In 't Veld stressed that government officials of EU countries refuse to answer any questions as part of the European Parliament's investigation.

"On November 7, 2022, we received a response from the EU Council to our letter sent in July. It says: thank you for your appeal, but this is not your business, the European Parliament, we do not consider it necessary to report to anyone, leave behind," she said.[2]


Greece bans the sale of spyware after ministerial phone wiretapping scandal

On November 8, 2022, the Greek government announced a ban on the sale of spyware after media reports of a phone-tapping scandal that affected at least 30 people, including politicians and businessmen.

"We will not allow the issues that poison Greek society to remain a shadow," government spokesman Giannis Oikonomu told reporters on Monday.

Greece bans the sale of spyware

This step was taken after the Documento newspaper published a list of people whose phones were allegedly infected with Predator malware. The newspaper cited two sources who played a role in the surveillance, allegedly on behalf of the government.

Greek Prime Minister Kyriakos Mitsotakis called the allegations "incredible lies," adding that the report is unfounded because it has no evidence that his cabinet was behind the surveillance.

Oikonomu had previously stated that the Greek state had not used or bought any such spyware, and added that the judiciary would investigate the report.

The Documento report was the latest development in a wiretapping scandal that has sparked political unrest in Greece as the European Union takes a tougher view of the use and sale of spyware. The Greek prosecutor launched an investigation in early 2022.

Most of the alleged victims, including the former Conservative prime minister and current foreign and finance ministers, declined to comment or told the newspaper they were unaware of the case.

"It's disgraceful and disgusting when someone assumes the prime minister is following his foreign secretary. And extremely dangerous," Mitsotakis said. "We don't know who runs these centers. But what we're absolutely sure of is that it's not EYP. And obviously I wasn't involved in that."[3]

2021

EC fell victim to Israeli spyware

In 2021, senior officials of the European Commission were attacked with spyware produced by a certain Israeli company. This became known on April 11, 2022.

Spyware surge on Android platform recorded in Russia

On February 22, 2022, ESET global telemetry data for the period from September to December 2021 became known, indicating an increase in spyware activity of more than 20%. At the same time, every tenth stalking and espionage attack on Android in the world is aimed at users from Russia.

Monitoring malware most often has the following functionality:

  • location recording and logging of Internet activity;
  • recording keystrokes and sending screenshots to a third-party server;
  • blocking of operating system protective elements;
  • working in hidden mode without notifications and masquerading as standard utilities.

"Unwanted stalking software is overwhelmingly distributed through clones of legal applications downloaded from unofficial stores. However, commercial developers who openly offer spyware are also gaining popularity in the market. They usually position their products as a means of spying on a sexual partner," explained ESET threat researcher Lukas Stefanko.

In general, in 2021, the volume of all types of threats to Android increased fivefold compared to 2020. In 2021, malware against users of this OS was most active on Saturdays and Sundays. And on Tuesdays, ESET telemetry detected the fewest attacks.

2020: Russia leads the distribution of stalker software

Russia ranked first in the number of mobile device users infected with so-called stalker software. This is evidenced by Kaspersky Lab data released at the end of August 2020.

According to the antivirus developer, in Russia the number of owners of gadgets with installed spyware in the first half of 2020 increased by 28% compared to the same period in 2019.

Russia was in 1st place in terms of the number of owners of devices infected with spyware

In the whole world, the number of users on whose mobile devices stalker software was found is also growing: in the first six months of 2020, it increased by 39% compared to the same period last year. In Europe, such programs are most often recorded on devices of German, Italian and British users.

According to Kaspersky Lab, as of August 2020 stalker software was being used more and more actively, even though in the second quarter the number of users on whose devices such programs were recorded decreased slightly. This could be because, as a result of self-isolation, many people began to spend much more time at home, and stalker applications are most often used to monitor loved ones.[4]

2019: EvilGnome malware spies on Linux users

On July 18, 2019, it became known that cybersecurity experts had discovered rare spyware aimed at compromising the data of Linux users. As of July 2019, the malware could not be detected by the main anti-virus programs. Dubbed EvilGnome, the spyware includes functionality rarely seen in Linux malware, according to researchers at Intezer Labs.

EvilGnome

As reported, Linux cannot boast the same "popularity" with malware authors as Windows. There is very little Linux malware, and most of it does not even have a wide range of functionality. Malware aimed at the Linux ecosystem most often focuses on cryptomining and on creating DDoS botnets by taking over vulnerable servers.

However, researchers at Intezer Labs recently discovered a backdoor implant for Linux that, as of July 2019, was most likely still under development and testing, but already contained several malicious modules for spying on Linux desktop users.

EvilGnome malware is capable of taking screenshots, stealing files, recording sound from a microphone, and downloading and running additional malicious modules.

EvilGnome malware disguises itself as an official GNOME extension, the kind that allows Linux users to expand desktop functionality. EvilGnome is distributed as a self-extracting archive shell script created using "makeself," a small shell script that generates a self-extracting compressed tar archive from a directory.

EvilGnome contains five malicious modules collectively called Shooters. Specifically, the ShooterSound module uses PulseAudio to record microphone sound. The ShooterImage module uses the open source Cairo library to take screenshots. The ShooterFile module uses a filter list to scan the file system for newly created files. The ShooterPing module receives commands from the attacker's C&C server, such as downloading and executing files, installing filters, etc. The ShooterKey module can be used for keylogging, but it is not yet in use. Most likely, the module is still under development.

The researchers also found a connection between EvilGnome and the hacker group Gamaredon Group, allegedly associated with the Russian Federation. The group has been active since 2013 and is known for attacks on people associated with the Ukrainian government.

Because antivirus and security software as of July 2019 could not detect EvilGnome malware, the researchers recommend that Linux desktop users block the command-and-control server IP addresses listed in the IOC section of the Intezer Labs blog.[5]
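A defender's way to triage a download packaged as described above, as an added example that is not part of the original article or of the Intezer Labs research: it reads only the makeself header of a file and reports the embedded startup script without unpacking or running anything. The marker comment and the `label`/`script`/`scriptargs` variable names are assumed from makeself's stock header template, and the sample bytes are constructed.

```python
import re
from typing import Optional

# Assumption: the archive uses makeself's stock header template, which writes
# a marker comment and name="value" shell variables near the top of the file.
MARKER = re.compile(rb"^# This script was generated using Makeself ([\w.\-]+)", re.M)
HEADER_VAR = re.compile(rb'^(label|script|scriptargs)="(.*)"[ \t]*$', re.M)
HEADER_LIMIT = 64 * 1024  # the shell stub precedes the compressed payload


def triage_makeself(data: bytes) -> Optional[dict]:
    """Describe a makeself archive from its header text alone.

    Returns None when the file is not a makeself archive. Nothing is
    unpacked or executed, so this is safe to run on a suspicious download.
    """
    head = data[:HEADER_LIMIT]
    if not head.startswith(b"#!"):
        return None
    marker = MARKER.search(head)
    if marker is None:
        return None
    info = {"makeself_version": marker.group(1).decode("ascii", "replace")}
    for name, value in HEADER_VAR.findall(head):
        # Keep the first occurrence; later lines belong to the stub's logic.
        info.setdefault(name.decode(), value.decode("utf-8", "replace"))
    # A non-empty startup script runs automatically once the archive unpacks.
    info["runs_code_on_extract"] = bool(info.get("script"))
    return info


# Constructed sample: a shortened header followed by stand-in payload bytes.
SAMPLE = (
    b"#!/bin/sh\n"
    b"# This script was generated using Makeself 2.3.0\n"
    b'label="Example desktop extension"\n'
    b'script="./setup.sh"\n'
    b'scriptargs=""\n'
    b"exit 0\n"
    b"\x1f\x8b\x08\x00 stand-in for compressed tar data"
)

if __name__ == "__main__":
    print(triage_makeself(SAMPLE))
    print(triage_makeself(b"#!/bin/sh\necho hello\n"))
```

A file that reports `runs_code_on_extract` and claims to be a desktop extension deserves inspection of the named startup script before anyone runs it.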

Notes