Highly targeted malware (spyware) is sold by an Israeli company to customers who use it to spy on journalists, dissidents and others, cybersecurity firm ESET says in its latest report.
Spyware made by Tel Aviv-based hacking tool company Candiru has been found on several computers in Europe (Russia, Turkey…) and the Middle East, cybersecurity firm ESET reported. In its September report, ESET wrote that, according to a study published by Citizen Lab and the Microsoft Threat Intelligence Center in July, the “DevilsTongue” malware from the company Candiru is “sold to third parties, who can abuse it to spy on various victims, including human rights defenders, dissidents, journalists, activists and politicians.”
ESET researchers, the report said, “discovered indications of DevilsTongue malware in our telemetry data, affecting approximately 10 computers” in Albania, Russia and the Middle East. The malware has been found in Israel, the Palestinian territories, Turkey and other parts of the region. It is also stated that “the malware is highly targeted: each DevilsTongue victim we identified had a personalized sample with PE resources unique to the target”.
In July, Microsoft and Google reported a number of zero-day vulnerabilities found in the Windows operating system and the popular Chrome web browser. Microsoft fixed the flaws with a software update shortly after they were discovered. The company did not directly attribute the exploits to Candiru, instead calling it an “offensive Israel-based private sector player” under the code name Sourgum.
Candiru reportedly exploited these vulnerabilities to attack targets in a hundred countries, from Iran and Lebanon to Spain and the United Kingdom. The targeted victims have not been disclosed. The Citizen Lab report said human rights activists, political dissidents, journalists, human rights defenders and politicians were among the targets.