Malware

The day-to-day drudgery of state sponsored hacking

After a review of bids and testing the capabilities of some of the exploits offered, the team decided to build its own malware. “This is the only inexpensive way to get to the iPhone, except for the [Israeli] solution for 7 million and that’s only for WhatsApp,” explained one team member in a message. “We still need Viber, Skype, Gmail, and so on.” The same was true of the Android and Windows malware and the back-end tools used to manage the campaign. Rather than using zero-day exploits, the organization relied on a combination of physical access, spear-phishing, and other techniques to inject its espionage tools onto the targeted devices.

From Sean Gallagher in ArsTechnica on the details leaked from a state sponsored malware effort.

Organizational Vanity, Google Alerts, and Social Engineering

As more and more organizations become aware of the need to track their online reputation, more people in those organizations are following Google alerts for their organization’s name. That creates a perfect opportunity for scammers to play on that organizational vanity to infect computers used by officers of the organization with malware that can reveal […] » about 300 words