Categories: Tech

Amnesty International exposes sophisticated spyware campaign targeting Google’s Android

Commercial spyware vendors are exploiting zero-day vulnerabilities to target Android and iOS devices, according to a report by Google’s Threat Analysis Group (TAG). The report revealed that two highly targeted campaigns utilized zero-day vulnerabilities, which allowed vendors to arm governments and target human rights workers, journalists, dissidents, and opposition party politicians.

Amnesty International exposes a sophisticated spyware campaign

Amnesty International’s Security Lab has exposed a sophisticated hacking campaign by a spyware company that targets Google’s Android operating system. The campaign showed all the hallmarks of an advanced spyware campaign developed by a commercial cyber-surveillance company and sold to governments hackers to carry out targeted spyware attacks. The newly discovered spyware campaign has been active since at least 2020 and targeted mobile and desktop devices, including users of Google’s Android operating system.

Exploits used in the attacks

The exploits used in the hacking campaign included zero-day and n-day vulnerabilities delivered via SMS messages over shortened links. One of the campaigns targeted users in Italy, Malaysia, and Kazakhstan using these methods, while the other targeted Android users in the United Arab Emirates with one-time attack links sent over SMS.

The iOS exploit chain used multiple bugs, including a zero-day vulnerability, to install an .IPA file onto the device. The Android exploit chain used three exploits to deliver an unspecified payload. Meanwhile, the second campaign targeted the latest version of Samsung Internet Browser and used several zero-days and n-days delivered via SMS to devices located in the U.A.E.

Malicious domains used

The spyware and zero-day exploits were delivered from an extensive network of more than 1000 malicious domains. These domains included ones spoofing media websites in multiple countries.

Global moratorium required

Unscrupulous spyware companies pose a real danger to the privacy and security of everyone. Amnesty International is urging people to ensure they have the latest security updates on their devices to protect themselves from these threats. There is an urgent need for a global moratorium on the sale, transfer, and use of spyware until robust human rights regulatory safeguards are in place to prevent these sophisticated cyber-attacks from being used as a tool of repression against activists and journalists.

US President Biden has signed an executive order restricting the government’s use of commercial spyware technology that poses a threat to human rights. However, this will not be enough without similar actions from other countries around the world.

Google active tracking

Google is actively tracking more than 30 vendors known to sell surveillance capabilities or exploits to government-sponsored threat actors worldwide. The tech giant has linked an exploit framework targeting Chrome, Firefox, and Microsoft Defender vulnerabilities to the Variston IT Spanish software company.

Internet Service Providers (ISPs) helped Italian spyware vendor RCS Labs to infect devices of Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. Another surveillance campaign was brought to light by Google TAG, where state-sponsored attackers exploited five zero-days to install Predator spyware developed by Cytrox.

Urgent need for international legal framework

The spyware industry poses a critical threat to human rights defenders and civil society around the world. It is important to put measures in place to stop these abuses and protect human rights in the digital age. This includes an urgent need for an international moratorium on the development, use, transfer, and sale of spyware technologies until there is a global legal framework in place.

In conclusion, commercial spyware vendors are exploiting zero-day vulnerabilities to target Android and iOS devices for spying purposes. Governments around the world must take serious steps towards imposing sanctions on companies that develop such technologies for malicious purposes. It’s high time companies put robust measures in place to prevent these sophisticated cyber-attacks from being used as a tool of repression against activists and journalists.

Image Source: Wikimedia Commons

Seth Obrien

Seth Obrien is a seasoned journalist with experience in writing news articles across various topics. With a passion for storytelling, Seth has a talent for bringing the latest news stories to life. When he's not writing, he enjoys hiking and exploring nature.

Recent Posts

Thousands to Participate in Belfast City Marathon Despite Road Closures

Belfast City Marathon 2023 Road Closures ConfirmedBelfast City Marathon organizers have confirmed the details of…

2 years ago

Fowler Native Adysen Koenigsknecht Overcomes Battle with Celiac Disease to Run Boston Marathon

Adysen Koenigsknecht's Remarkable Journey to the Boston MarathonAdysen Koenigsknecht has come a long way since…

2 years ago

ESPN Anchor John Anderson to Lead Boston Marathon Broadcast

Anderson's Passion for Track and Field Leads to Boston Marathon RoleESPN's SportsCenter anchor John Anderson…

2 years ago

Seth Rollins appeals to fans for help in funding friend’s lung transplant surgery

Seth Rollins, WWE superstar and former Universal Champion, has appealed to his fans for support…

2 years ago

2023 Boston Marathon to Showcase Elite Runners and Star-Studded Celebrities

The 2023 Boston Marathon is gearing up to be a historic event, as it will…

2 years ago

Community of Golden Retrievers Honors Spencer and Penny, the Beloved Boston Marathon Dogs

A Heartwarming Tribute to Spencer and PennyA group of golden retrievers participated in a touching…

2 years ago