The messages themselves ranged from a simple “message not sent” text to more aggressive attempts, which masqueraded as the US Embassy’s visa division or a bereaved friend sending details of a funeral. Some texts even posed as Amber Alerts, claiming to offer details on a missing child. Once clicked, the software exploited a trio of previously disclosed iOS vulnerabilities to silently install itself on the target device.

Citizen Lab believes the campaign was orchestrated by the Israeli spyware vendor NSO Group, based on similarities in the code of the spyware and the host domains where it was stored. The group, rumored to be on sale for as much as $1 billion, rose to prominence last year after similar spyware was detectedon the iPhone of human rights activist Ahmed Mansoor in the United Arab Emirates.

The research prompted an emergency patch from Apple to close the rare iOS vulnerabilities exploited by the attack. Notably, the Mexican campaign took place before that patch took effect, so all of the iOS vulnerabilities would have been exploitable at the time.

Notably, the NSO Group only sells to governments, and is subject to various export restrictions on sanctioned countries like North Korea and Iran. Those restrictions would not prevent sales to the Mexican government, however, and there is a record of the roughly $80 million in NSO sales to various Mexican federal agencies, according to a report from The New York Times. It’s unclear whether there was any legal authorization for the campaign, and one expert told the Times it’s unlikely such a request would be approved by a judge.

–

Source: The Verge

The post Mexico: Journalists targeted by spyware after probing government corruption appeared first on Citi 97.3 FM - Relevant Radio. Always.

One is ransomware that encrypts data and demands payment before files are released.

The other is spyware that watches what users do and scoops up valuable information.

Experts said they represented a threat because their creators were letting anyone use them for free.

The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor “dark web” network that acted as a shopfront for both.

In a blog, Fortinet said the site claimed that the creators behind it were professional software engineers with “extensive experience” of creating working code.

Those wishing to use either of the programs had been urged to get in touch and provide details of how they wanted the malware to be set up. The malware’s creators had said that payments made by ransomware victims would be split between themselves and their customers.

Researchers at Fortinet contacted the ransomware writers pretending they were interested in using the product and, soon afterwards, were sent a sample of the malware.

Analysis revealed that it used much less sophisticated encryption than the many variants seen targeting Windows machines, said the firm.

However, they added, any files scrambled with the ransomware would be completely lost because it did a very poor job of handling the decryption keys needed to restore data.

“Even if it is far inferior to most current ransomware targeting Windows, it doesn’t fail to encrypt victim’s files or prevent access to important files, thereby causing real damage,” wrote the researchers.

The free Macspy spyware, offered via the same site, can log which keys are pressed, take screenshots and tap into a machine’s microphone.

In its analysis, AlienVault researcher Peter Ewane said the malicious code in the spyware tried hard to evade many of the standard ways security programs spot and stop such programs.

Mr Ewane said Mac users needed to start being more vigilant as malware creators targeted them.

“As OS X continues to grow in market share we can expect malware authors to invest greater amounts of time in producing malware for this platform.”

Statistics gathered by McAfee suggest that there are now about 450,000 malicious programs aimed at Macs – far fewer than the 23 million targeting Windows users.

Aamir Lakhani from Fortinet said Mac users should make sure their machines were kept up to date with the latest software patches and be wary of messages they receive via email.

“Mac ransomware is definitely becoming bigger,” he told EWeek. “Although market share is still small, hackers know that there is valuable data on the Mac.”

Apple declined to comment on the developments.

–

Source: BBC

The post Apple Mac computers targeted by ransomware and spyware appeared first on Citi 97.3 FM - Relevant Radio. Always.