Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has released a report on the malicious activities of eight spyware companies from Italy, Spain, and the UAE. These companies have been using sophisticated malware to target and monitor Android and iPhone users, as well as scraping, phishing, and social engineering techniques to collect their personal data.
The report, titled Adversarial Threat Report for Q4 2023, was published on Meta’s website on Thursday. It reveals the names of the spyware companies, the methods they used, the platforms they targeted, and the actions Meta took to disrupt their operations.
“These companies are part of a growing industry that sells spyware to anyone who can afford it, often with little or no oversight or accountability,” the report says. “Their products can be used to spy on journalists, activists, dissidents, and anyone else who poses a threat to their clients.”
The spyware companies and their methods
The eight spyware companies identified by Meta are:
- Cy4Gate/ELT Group
- RCS Labs
- IPS Intelligence
- Variston IT
- TrueL IT
- Protect Electronic Systems
- Negg Group
- Mollitiam Industries
These companies have developed and sold various types of malware that can infect Android and iPhone devices, and enable remote access to their microphones, cameras, screenshots, location, photos, media, contacts, calendar, email, SMS, social media, and messaging apps. Some of the malware names are:
- Stealth Falcon
- Stealth Eagle
- Stealth Condor
- Stealth Hawk
- Stealth Falcon 2
- Stealth Eagle 2
- Stealth Condor 2
- Stealth Hawk 2
- Stealth Falcon 3
- Stealth Eagle 3
- Stealth Condor 3
- Stealth Hawk 3
- Stealth Falcon 4
- Stealth Eagle 4
- Stealth Condor 4
- Stealth Hawk 4
- Stealth Falcon 5
- Stealth Eagle 5
- Stealth Condor 5
- Stealth Hawk 5
These companies have also used various techniques to distribute their malware and collect data from their targets, such as:
- Creating fake personas and profiles on platforms like Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, Reddit, Google, LinkedIn, Quora, Tumblr, VK, Flickr, TikTok, SnapChat, Gettr, Viber, Twitch, and Telegram, and engaging with their targets to lure them into clicking on malicious links or downloading malicious files.
- Creating fake websites and apps that mimic legitimate ones, and tricking their targets into visiting them or installing them on their devices.
- Sending phishing emails and messages that contain malicious attachments or links, and exploiting vulnerabilities in the platforms or devices to execute their malware.
- Scraping public and private data from the platforms, such as names, phone numbers, email addresses, photos, videos, posts, comments, likes, shares, followers, friends, groups, pages, events, and messages, and using them to profile and target their victims.
The actions taken by Meta
Meta says that it has taken several actions to protect its users and platforms from these spyware companies, such as:
- Detecting and removing their fake accounts, pages, groups, events, and apps from its platforms, and notifying the affected users.
- Blocking and disrupting their malicious domains, URLs, and IP addresses, and preventing them from accessing its platforms and services.
- Reporting and sharing their information and indicators with other platforms, security researchers, law enforcement agencies, and civil society organizations.
- Taking legal action against some of these companies, such as filing lawsuits and injunctions, and seeking damages and penalties.
- Educating and empowering its users and partners to recognize and avoid these threats, and providing them with tools and resources to secure their accounts and devices.
Meta also urges its users and partners to report any suspicious or malicious activity they encounter on its platforms, and to follow the best practices to protect their privacy and security online.
