The ‘Zero-Click’ Spyware Iceberg Explained

Listen to this story

The cybersecurity world is seeing an increase in zero-click spyware attacks. In a recent report by Bloomberg, the media organization called the spyware “nastier than it sounds.” The report highlighted an incident that took place with an Azerbaijani journalist Aida Alami’s iPhone (model unknown), where she received a remote command to open the Apple Music app without her knowledge or consent. It then downloaded the spyware on the phone that remained there for 17 months, fetching all information from her calls and messages, internet usage habits, and more. IOS is usually referred to as the most secure smartphone ecosystem, but this didn’t seem to be the case with Alami.

As per APN News, the threat landscape in 2022 has revealed a 42% global year-on-year increase in attacks, and the World Economic Forum’s 2022 Global Risk Report states that 95% of cybersecurity issues are traced back to human error. Among the plethora of attacks that exist within our technological society today, zero-click attacks have increased significantly in terms of techniques. Since these attacks do not require human input, they become more problematic to deal with when compared to other cyberattacks.

How to Become a Cyber Security Engineer in 2022

North Korean Spies ‘ScarCruft’ Exploit Dolphin Backdoor to Launch Attacks

Bahamut Group Targets Android Users With Fake SecureVPN Apps

Additionally, in September 2021, the new zero-click iMessage exploits became a hot topic among cybersecurity specialists when the Israeli-based cyber-arms company NSO Group’s Pegasus (spyware) was discovered on multiple iPhones on some early versions of iOS.

In a conversation with TCE, Dhanalakshmi PK, Senior Director (Malware and Research Intelligence) at Cyble, explained the Zero Click attack as an advanced method used by hackers and Threat Actor to install spyware, exploits or malware on a victim’s system/phone without users intervention. “Generally, Phishing emails or Smishing messages with malicious links or attachments are used as an initial infection vector for most prevalent attacks. This technique is mostly used by government entities and ruling parties to spy on persons of their interest through well-known spyware called Pegasus from late 2017,” Dhanalakshmi said.

What’s mobile spyware?

Spyware can be software, a command line, or a byte-sized program that silently steals information from one’s computer, smartphone, network, or any other physical or digital device that either connects with the internet or holds data.

Threat actors specializing in spyware can steal primary, secondary, and private information from the compromised system without even touching it or using aggressive strategies like DDoS attacks.

A prime example of spyware being the most problematic malware can be attributed to the rise of “third-party content download websites” and “torrent websites” that offer software, movies, games, documents, PDF files, and all sorts of other downloadable content for free.

Moreover, modern-day browsers like Google Chrome can store credit card details, address details, and other banking details to help cross-platform integrations for users to access their data quickly. The hackers can also enjoy this integration. After all, they are getting a piece of the pie because they can use the files and information stored or used on the device used to download the infected software from a malicious website.

The phenomenon can be explained better via an example where a user downloads a file/software from a third-party website. Once the user saves the downloaded content on their PC, the download folders will contain several files associated with the software with different extensions, with .exe being the only one in which the user will be interested. From the other hundreds of files with different extensions, the threat actor could inject spyware software/file/command in them.

Ordinary spyware can use internet connectivity to download malicious files and software on the systems without the device’s administrator’s knowledge and consent. Another thing that makes spyware so problematic is that an average internet user won’t be able to differentiate between a spyware file and a standard file because the files are created/designed to mimic the actual files. At the same time, the main component is masked behind the icon.

The anonymity of these attacks could be attributed to why threat actors use these websites and platforms to spread the malware. Since the website already has spyware installed, the additional files it installs on its own increase the chances of spoofing because the threat actor can now fully access the system and bypass the security protocols.

Why is it used?

Mobile spyware comes with a lot of potential damage that could break nations, create chaos among citizens, and sometimes even force the government to retreat due to the outbreak. In some cases, nation-funded spyware can also be used to collect information from users from other countries.

This can include pre-installed apps from the smartphone manufacturer or hidden software marketed in certain nations. Bytedance’s short video platform, TikTok, has been accused of these allegations and called out multiple times for harvesting users’ data and spying on users using permissions granted at the time of installing the app.

During the US Senate Homeland Security Committee testimony, Sen. Rob Portman and TikTok Chief Operating Officer Vanessa Pappas argued over the Chinese government’s use of US users’ data.

The testimony also highlighted how China could be harvesting US data to spy on the citizens using the app, which has approximately 136.5 million users with 80 million monthly active users in the United States at ages 16-24.

Spyware usually tracks the physical and internet movement of the device to target the victim with an advertisement that leads to a software package that contains more malware-infected files. Spyware usually targets the user’s banking or personal information, later used for blackmailing or completing ransom campaigns.

Other, more severe types of spyware are designed to gather information about a particular individual or to launch corporate espionage that directly spies on the victim using the microphone and camera on their smartphones. Since mobiles are slowly becoming the primary device to store data and do business oriented with features and add-ons that ease the communication between two or more parties, the rise of mobile spyware is inevitable and will only increase in the future.

Five types of mobile spyware

Mobile spyware is generally a form of malware that exists to steal information by hiding inside devices for long periods of time. On the other hand, zero-click spyware requires no administration, forceful entry, or backdoor attacks.

This malware type hides inside devices and programs and steals sensitive information from the users, including but not limited to banking details, social media details, logins and passwords, websites visited, keys pressed, and others.

Here are the top 5 types of spyware used by hackers to spoof information from the victim’s PC, smartphone, and other devices.

Browser Hijack

Browser Hijack is an application that takes over a web browser and displays pointless or annoying adverts. It operates by secretly adding an internet shortcut to the browser’s favorite folders.

Adware

Adware is unauthorized software secretly installed on a user’s device and uses the web browser to display banner ads for download or marketing.

Keyboard Loggers

Keyboard loggers are unauthorized software that installs itself on a user’s device and uses the web browser to display banner ads for download or marketing. Keyloggers, often known as keystroke loggers, are software or hardware tools that record keyboard activity (keys pressed) and collect data to form passwords and login IDs to login into victims’ accounts.

Dialers

As for dialers, it is software that automatically dials 900 numbers or toll calls without the user’s consent, causing the victim great financial harm.

Rootkit

A rootkit is a group of computer programs, usually malicious, used to gain unauthorized access to computers or parts of its software. They frequently conceal their own or other programs’ presence.

How to check whether the phone is infected?

Some common symptoms of spyware injection usually recognize a hacked smartphone. These can range from a sluggish performance or a browser break, or specific redirection on websites. Another symptom is over usage of data and battery. Since spyware works in the background and is generally not visible on the smartphone’s homepage, they still consume data and battery power.

In some cases, similar advertisements and repetitive pop-ups can be a sign of a phone infection. The best thing to do in such situations is to back up the important data, use antivirus software, and perform a full system scan.

If that doesn’t work, the most effective method is to factory reset the system as that wipes off all the data, updates, files, and everything on the smartphone, making even the spyware disappear. Here is a quick look at how to perform a factory reset on Android and iOS-based smartphones.

Factory reset Android

Here are step-by-step instructions on how to perform a factory reset on an Android smartphone.

Firstly, back up all the essential data like images, contacts, and other files.
Now, click on Apps via the smartphone’s homepage and select Settings.
Scroll down to find the backup and reset.
Back the data if required.
Click on Factory data reset. (The method will delete all the data on the device)
Tap Reset Device and then select Erase Everything/Delete all.
Wait for the smartphone to delete and reboot again.
Once rebooted, download the backed-up data to complete the process.

Factory reset iOS

Backup the data to iCloud or any other preferred app.
On the smartphone, tap on the Settings option.
On the next screen, tap General and then scroll down to Transfer or Reset [Device].
To factory reset the smartphone, tap on Erase All Content and Settings.
If asked, authenticate the process by entering the correct Apple ID and password/passcode.
On the next screen, confirm to erase the device data.
The smartphone will begin deleting the files, accounts, and data associated with the device.
Once deleted, depending on the device model, it will take a few minutes to reboot.

Finally, even if the device doesn’t appear to have a spyware infestation, one should nevertheless scan it at least once a week for any potential risks. Many antivirus programs allow users to plan a weekly scan, so they don’t have to start one every time manually.

To offer the best security, they automatically check for viruses and malware database updates daily. Additionally, these apps provide real-time defense against various dangers, including viruses, worms, spyware, and ransomware.