Targeted spyware and why it’s a concern to us

Experts are again warning about the proliferating market for targeted spyware and espionage.

Before we dive into the world of targeted spyware, it’s worth looking at a few of the main players that are active in and against this industry.

Paragon Solutions is an Israeli company which sells high-end surveillance technology primarily to government clients, positioning its products as essential for combating crime and national security. The name of Paragon’s spyware is Graphite.

However, a lot of controversy arose when it faced allegations over the targeting of specific WhatsApp users, including journalists and civil society members, leading to a cease-and-desist notice from WhatsApp. Following these allegations, Paragon Solutions ended its contract with Italy after Italian citizens were found to have been targeted.

The NSO group creates the high-level spyware known as Pegasus, and has also been caught spying on WhatsApp users. The NSO Group justifies the use of Pegasus by saying it’s a beneficial tool for investigating and preventing terrorist attacks and maintaining the safety of the public.

On the opposite side of the fence, CitizenLab is an interdisciplinary laboratory based in Toronto, Canada. CitizenLab focuses on studying information controls that impact the openness and security of the internet and pose threats to human rights.

The work done by CitizenLab has led to greater understanding of the global digital surveillance landscape and its implications for human rights.

Often, we will see newly found vulnerabilities in iOS, WhatsApp and other software credited to CitizenLab or one of its associates. They often find these vulnerabilities by analyzing devices of individuals infected with high-level spyware.

In an interview with TheRecord, founder Ronald Deibert said CitizenLab routinely checks people’s phones for spyware. Over time, the researchers at CitizenLab have honed their forensic skills to the level that they can pinpoint the moment of infection for the device right down to the second.

In a recent article, CitizenLab explained in great detail how it cooperated with Meta on uncovering a WhatsApp zero-day vulnerability and how it traced it back to Paragon and the Italian government.

While most of us will, hopefully, never have to deal or worry about getting infected with high-level spyware, we may end up falling victim to the vulnerabilities that are used to infect targets.

Both Paragon and the NSO group have brought many zero-day vulnerabilities to light in browsers and other online applications by using them to compromise mobile devices.

Zero-day vulnerabilities are hard to come by and therefore expensive. But once they are used against victims, there is a good chance that at some point they will be discovered and patched.

But small-time criminals will pick them up and try to use them against people who haven’t had a chance or the time to update their device yet.

Which is why we, on this blog, and through Malwarebytes’ Trusted Advisor, always urge people to keep their devices up-to-date.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.