#1 Trending Cybersecurity News & Magazine
Tuesday, December 5, 2023
No Result
View All Result
The Cyber Express
  • MagazineDownload
  • Firewall Daily
    • All
    • Bug Bounty & Rewards
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    SPARRSO data breach

    Cyberattack on SPARRSO Raises Concerns Over Security in Bangladesh

    GTA 6 Map Leak

    The GTA 6 Map Leaked by Rockstar Employee’s Son: What’s Disclosed?

    TrickMo Banking Trojan

    TrickMo Banking Trojan Resurfaces with New Features, Targeting Android Devices this Time Around

    Vietnam Electricity data breach

    BlackCat Ransomware Strikes Ho Chi Minh City Power Corporation

    cybersecurity

    Emerging Trends and Challenges in Cybersecurity: Insights from Abul Kalam Azad

    Spyroid Rat Android RAT

    Unmasking Spyroid Rat: An In-Depth Look at the Menacing Android RAT

    MIRLE Group cyberattack

    MIRLE Group Targeted by Notorious LockBit Ransomware Group

    Cosmote Cyberattack

    Anonymous Collective Targets Greece’s Largest Mobile Operator Cosmote; Website Currently Down

    Colonial Pipeline Data Breach

    Colonial Pipeline Hit by ‘CyberNiggers’ Hacker Group, Sensitive Data for Sale on Dark Web

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    AI Security Guidelines

    Rethinking AI For Cybersecurity: The UK & US Reveals New Guidelines For AI Security

    Cyber Insurance

    Cyber Insurance and Real-Time Threat Dashboard to Mend the Gaps in Near Future

    Pledge to Stop Ransom Payment

    Pledge to Stop Ransom Payment Awaits Consensus from all Members of the CRI

    Executive Order on Artificial Intelligence

    Biden Administration’s AI Directive: A Blueprint for Ethical Use and Enhanced Cybersecurity

    Cyber Resilience

    Towards Cyber Resilience: A Data-Centric Approach to Security

    CybleGrowCon

    Cyble Partner Network GrowCon 2023: Uniting Cybersecurity Leaders

    GRC, What is GRC

    What is GRC (Governance, Risk & Compliance): A Beginner’s Guide

    Facial Recognition Ban

    New York State Education Department Bans Facial Recognition Scans in Schools

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    InsureMO

    InsureMO Partners with Cyble to Revolutionize Cyber Insurance with Real-Time Threat Intelligence

    Countdown to TimeAI Summit 2023

    Countdown to TimeAI Summit 2023: Unveiling the Future of Artificial Intelligence in Dubai

    Emerging Tech Summit

    The Emerging Tech Summit – Saudi Arabia 2023

    Business Cybersecurity

    Prioritizing Business Cybersecurity Plans During Mergers and Acquisitions

    TimeAI Summit

    TimeAI Summit is Uniting Tech Giants and Visionaries in Dubai to Shape the Future of AI

    CyberDSA 2023

    CyberDSA 2023: Forging a Resilient Digital Future Through Unprecedented Collaboration

    Summit MENA 2023

    MENA Summit 2023: Exploring the Future of Digital Identity & Authentication

    Cyble Raises 24 Million in Series B Funding

    Cyble Raises 24 Million in Series B Funding: Leveraging AI and Threat Intelligence to Revolutionize Cybersecurity

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    • World CyberCon India 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • ProductsTools
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin
SUBSCRIBE
  • MagazineDownload
  • Firewall Daily
    • All
    • Bug Bounty & Rewards
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    SPARRSO data breach

    Cyberattack on SPARRSO Raises Concerns Over Security in Bangladesh

    GTA 6 Map Leak

    The GTA 6 Map Leaked by Rockstar Employee’s Son: What’s Disclosed?

    TrickMo Banking Trojan

    TrickMo Banking Trojan Resurfaces with New Features, Targeting Android Devices this Time Around

    Vietnam Electricity data breach

    BlackCat Ransomware Strikes Ho Chi Minh City Power Corporation

    cybersecurity

    Emerging Trends and Challenges in Cybersecurity: Insights from Abul Kalam Azad

    Spyroid Rat Android RAT

    Unmasking Spyroid Rat: An In-Depth Look at the Menacing Android RAT

    MIRLE Group cyberattack

    MIRLE Group Targeted by Notorious LockBit Ransomware Group

    Cosmote Cyberattack

    Anonymous Collective Targets Greece’s Largest Mobile Operator Cosmote; Website Currently Down

    Colonial Pipeline Data Breach

    Colonial Pipeline Hit by ‘CyberNiggers’ Hacker Group, Sensitive Data for Sale on Dark Web

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    AI Security Guidelines

    Rethinking AI For Cybersecurity: The UK & US Reveals New Guidelines For AI Security

    Cyber Insurance

    Cyber Insurance and Real-Time Threat Dashboard to Mend the Gaps in Near Future

    Pledge to Stop Ransom Payment

    Pledge to Stop Ransom Payment Awaits Consensus from all Members of the CRI

    Executive Order on Artificial Intelligence

    Biden Administration’s AI Directive: A Blueprint for Ethical Use and Enhanced Cybersecurity

    Cyber Resilience

    Towards Cyber Resilience: A Data-Centric Approach to Security

    CybleGrowCon

    Cyble Partner Network GrowCon 2023: Uniting Cybersecurity Leaders

    GRC, What is GRC

    What is GRC (Governance, Risk & Compliance): A Beginner’s Guide

    Facial Recognition Ban

    New York State Education Department Bans Facial Recognition Scans in Schools

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    InsureMO

    InsureMO Partners with Cyble to Revolutionize Cyber Insurance with Real-Time Threat Intelligence

    Countdown to TimeAI Summit 2023

    Countdown to TimeAI Summit 2023: Unveiling the Future of Artificial Intelligence in Dubai

    Emerging Tech Summit

    The Emerging Tech Summit – Saudi Arabia 2023

    Business Cybersecurity

    Prioritizing Business Cybersecurity Plans During Mergers and Acquisitions

    TimeAI Summit

    TimeAI Summit is Uniting Tech Giants and Visionaries in Dubai to Shape the Future of AI

    CyberDSA 2023

    CyberDSA 2023: Forging a Resilient Digital Future Through Unprecedented Collaboration

    Summit MENA 2023

    MENA Summit 2023: Exploring the Future of Digital Identity & Authentication

    Cyble Raises 24 Million in Series B Funding

    Cyble Raises 24 Million in Series B Funding: Leveraging AI and Threat Intelligence to Revolutionize Cybersecurity

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    • World CyberCon India 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • ProductsTools
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Features

The ‘Zero-Click’ Spyware Iceberg Explained

Avantika Chopra by Avantika Chopra
October 16, 2022
in Features
0
The ‘Zero-Click’ Spyware Iceberg Explained
597
SHARES
3.3k
VIEWS
Share on LinkedInShare on Twitter

The cybersecurity world is seeing an increase in zero-click spyware attacks. In a recent report by Bloomberg, the media organization called the spyware “nastier than it sounds.” The report highlighted an incident that took place with an Azerbaijani journalist Aida Alami’s iPhone (model unknown),  where she received a remote command to open the Apple Music app without her knowledge or consent. It then downloaded the spyware on the phone that remained there for 17 months, fetching all information from her calls and messages, internet usage habits, and more. IOS is usually referred to as the most secure smartphone ecosystem, but this didn’t seem to be the case with Alami.

As per APN News, the threat landscape in 2022 has revealed a 42% global year-on-year increase in attacks, and the World Economic Forum’s 2022 Global Risk Report states that 95% of cybersecurity issues are traced back to human error. Among the plethora of attacks that exist within our technological society today, zero-click attacks have increased significantly in terms of techniques. Since these attacks do not require human input, they become more problematic to deal with when compared to other cyberattacks.

You might also like

The Top 5 Tech Trends to Watch Out for in 2024

Scaling Up Your Career in Cyber Law: A Strategic Guide to Success

Cybersecurity Dynamics 2023— Indian Mid-Segment Firms and North American Giants Forge New Paths

Additionally, in September 2021, the new zero-click iMessage exploits became a hot topic among cybersecurity specialists when the Israeli-based cyber-arms company NSO Group’s Pegasus (spyware) was discovered on multiple iPhones on some early versions of iOS.

In a conversation with TCE, Dhanalakshmi PK, Senior Director (Malware and Research Intelligence) at Cyble, explained the Zero Click attack as an advanced method used by hackers and Threat Actor to install spyware, exploits or malware on a victim’s system/phone without users intervention. “Generally, Phishing emails or Smishing messages with malicious links or attachments are used as an initial infection vector for most prevalent attacks. This technique is mostly used by government entities and ruling parties to spy on persons of their interest through well-known spyware called Pegasus from late 2017,” Dhanalakshmi said.

What’s mobile spyware?

Spyware can be software, a command line, or a byte-sized program that silently steals information from one’s computer, smartphone, network, or any other physical or digital device that either connects with the internet or holds data.

Threat actors specializing in spyware can steal primary, secondary, and private information from the compromised system without even touching it or using aggressive strategies like DDoS attacks.

A prime example of spyware being the most problematic malware can be attributed to the rise of “third-party content download websites” and “torrent websites” that offer software, movies, games, documents, PDF files, and all sorts of other downloadable content for free.

Moreover, modern-day browsers like Google Chrome can store credit card details, address details, and other banking details to help cross-platform integrations for users to access their data quickly. The hackers can also enjoy this integration. After all, they are getting a piece of the pie because they can use the files and information stored or used on the device used to download the infected software from a malicious website.

The phenomenon can be explained better via an example where a user downloads a file/software from a third-party website. Once the user saves the downloaded content on their PC, the download folders will contain several files associated with the software with different extensions, with .exe being the only one in which the user will be interested. From the other hundreds of files with different extensions, the threat actor could inject spyware software/file/command in them.

Ordinary spyware can use internet connectivity to download malicious files and software on the systems without the device’s administrator’s knowledge and consent. Another thing that makes spyware so problematic is that an average internet user won’t be able to differentiate between a spyware file and a standard file because the files are created/designed to mimic the actual files. At the same time, the main component is masked behind the icon.

The anonymity of these attacks could be attributed to why threat actors use these websites and platforms to spread the malware. Since the website already has spyware installed, the additional files it installs on its own increase the chances of spoofing because the threat actor can now fully access the system and bypass the security protocols.

Why is it used?

Mobile spyware comes with a lot of potential damage that could break nations, create chaos among citizens, and sometimes even force the government to retreat due to the outbreak. In some cases, nation-funded spyware can also be used to collect information from users from other countries.

This can include pre-installed apps from the smartphone manufacturer or hidden software marketed in certain nations. Bytedance’s short video platform, TikTok, has been accused of these allegations and called out multiple times for harvesting users’ data and spying on users using permissions granted at the time of installing the app.

During the US Senate Homeland Security Committee testimony, Sen. Rob Portman and TikTok Chief Operating Officer Vanessa Pappas argued over the Chinese government’s use of US users’ data.

The testimony also highlighted how China could be harvesting US data to spy on the citizens using the app, which has approximately 136.5 million users with 80 million monthly active users in the United States at ages 16-24.

Spyware usually tracks the physical and internet movement of the device to target the victim with an advertisement that leads to a software package that contains more malware-infected files. Spyware usually targets the user’s banking or personal information, later used for blackmailing or completing ransom campaigns.

Other, more severe types of spyware are designed to gather information about a particular individual or to launch corporate espionage that directly spies on the victim using the microphone and camera on their smartphones. Since mobiles are slowly becoming the primary device to store data and do business oriented with features and add-ons that ease the communication between two or more parties, the rise of mobile spyware is inevitable and will only increase in the future.

Five types of mobile spyware

Mobile spyware is generally a form of malware that exists to steal information by hiding inside devices for long periods of time. On the other hand, zero-click spyware requires no administration, forceful entry, or backdoor attacks.

This malware type hides inside devices and programs and steals sensitive information from the users, including but not limited to banking details, social media details, logins and passwords, websites visited, keys pressed, and others.

Here are the top 5 types of spyware used by hackers to spoof information from the victim’s PC, smartphone, and other devices.

Browser Hijack

Browser Hijack is an application that takes over a web browser and displays pointless or annoying adverts. It operates by secretly adding an internet shortcut to the browser’s favorite folders.

Adware

Adware is unauthorized software secretly installed on a user’s device and uses the web browser to display banner ads for download or marketing.

Keyboard Loggers

Keyboard loggers are unauthorized software that installs itself on a user’s device and uses the web browser to display banner ads for download or marketing. Keyloggers, often known as keystroke loggers, are software or hardware tools that record keyboard activity (keys pressed) and collect data to form passwords and login IDs to login into victims’ accounts.

Dialers

As for dialers, it is software that automatically dials 900 numbers or toll calls without the user’s consent, causing the victim great financial harm.

Rootkit

A rootkit is a group of computer programs, usually malicious, used to gain unauthorized access to computers or parts of its software. They frequently conceal their own or other programs’ presence.

How to check whether the phone is infected?

Some common symptoms of spyware injection usually recognize a hacked smartphone. These can range from a sluggish performance or a browser break, or specific redirection on websites. Another symptom is over usage of data and battery. Since spyware works in the background and is generally not visible on the smartphone’s homepage, they still consume data and battery power.

In some cases, similar advertisements and repetitive pop-ups can be a sign of a phone infection. The best thing to do in such situations is to back up the important data, use antivirus software, and perform a full system scan.

If that doesn’t work, the most effective method is to factory reset the system as that wipes off all the data, updates, files, and everything on the smartphone, making even the spyware disappear. Here is a quick look at how to perform a factory reset on Android and iOS-based smartphones.

Factory reset Android

Here are step-by-step instructions on how to perform a factory reset on an Android smartphone.

  • Firstly, back up all the essential data like images, contacts, and other files.
  • Now, click on Apps via the smartphone’s homepage and select Settings.
  • Scroll down to find the backup and reset.
  • Back the data if required.
  • Click on Factory data reset. (The method will delete all the data on the device)
  • Tap Reset Device and then select Erase Everything/Delete all.
  • Wait for the smartphone to delete and reboot again.
  • Once rebooted, download the backed-up data to complete the process.

Factory reset iOS

  • Backup the data to iCloud or any other preferred app.
  • On the smartphone, tap on the Settings option.
  • On the next screen, tap General and then scroll down to Transfer or Reset [Device].
  • To factory reset the smartphone, tap on Erase All Content and Settings.
  • If asked, authenticate the process by entering the correct Apple ID and password/passcode.
  • On the next screen, confirm to erase the device data.
  • The smartphone will begin deleting the files, accounts, and data associated with the device.
  • Once deleted, depending on the device model, it will take a few minutes to reboot.

Finally, even if the device doesn’t appear to have a spyware infestation, one should nevertheless scan it at least once a week for any potential risks. Many antivirus programs allow users to plan a weekly scan, so they don’t have to start one every time manually.

To offer the best security, they automatically check for viruses and malware database updates daily. Additionally, these apps provide real-time defense against various dangers, including viruses, worms, spyware, and ransomware.

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: malwaremobile spywareSpywareThe Cyber ExpressThe Cyber Express NewsZero-Click
Previous Post

Tata Power Reports Cyberattack on IT Infrastructure

Next Post

Microsoft Reports New ‘Prestige’ Ransomware Targeting Firms in Europe

Avantika Chopra

Avantika Chopra

Associate Editor, The Cyber Express

Related Posts

Tech Trends
Cybersecurity News

The Top 5 Tech Trends to Watch Out for in 2024

by Editorial
December 1, 2023
Career in Cyber Law
Features

Scaling Up Your Career in Cyber Law: A Strategic Guide to Success

by Samiksha Jain
November 26, 2023
Indian Mid-Segment Firms
Features

Cybersecurity Dynamics 2023— Indian Mid-Segment Firms and North American Giants Forge New Paths

by Editorial
November 26, 2023
Black Friday Deals
Features

Securing Your Shopping Spree: Navigating Black Friday Deals with Top 10 Privacy Tips

by Editorial
November 24, 2023
Australian Cyber Security Strategy 2023
Features

Understanding Australian Cyber Security Strategy 2023: A 7-Year-Plan To Bolster Cybersecurity

by Ashish Khaitan
November 23, 2023
Next Post
Prestige Ransomware

Microsoft Reports New 'Prestige' Ransomware Targeting Firms in Europe

Latest Issue is Out. Subscribe Now

Cybersecurity Magazine



Follow Us On Google News

Latest Cyber News

SPARRSO data breach
Firewall Daily

Cyberattack on SPARRSO Raises Concerns Over Security in Bangladesh

December 5, 2023
GTA 6 Map Leak
Firewall Daily

The GTA 6 Map Leaked by Rockstar Employee’s Son: What’s Disclosed?

December 5, 2023
TrickMo Banking Trojan
Dark Web News

TrickMo Banking Trojan Resurfaces with New Features, Targeting Android Devices this Time Around

December 5, 2023
Vietnam Electricity data breach
Firewall Daily

BlackCat Ransomware Strikes Ho Chi Minh City Power Corporation

December 4, 2023

Categories

Web Stories

Top 10 CISOs to Follow in 2023
Top 10 CISOs to Follow in 2023
Top 10 Ransomware Gangs in 2023
Top 10 Ransomware Gangs in 2023
Top 5 IoT Security Risks in 2023
Top 5 IoT Security Risks in 2023
Top 10 CTF Platforms in 2023
Top 10 CTF Platforms in 2023
Types of Risks Covered by Cyber Insurance
Types of Risks Covered by Cyber Insurance

About

The Cyber Express by Cyble

#1 Trending Cybersecurity News and Magazine

The Cyber Express  by Cyble is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

 

Contact

For editorial queries: [email protected]

For marketing and Sales: [email protected]

For Events & Conferences related information: [email protected]

 

Quick Links

  • About Us
  • Advertise With Us
  • Contact Us
  • Editorial Calendar

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

 

India Office:

Cyber Express Media Network
HD-021, 4th Floor, C Wing, Building No.4. Nesco IT Park, WE Highway, Goregaon East, Mumbai, Maharashtra, India – 4000063

Subscribe to Our Feed

RSS Feeds

Follow Us On Google News
  • Privacy Statement
  • Terms of Use
  • Write For Us

© 2023 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.

No Result
View All Result
  • Magazine
  • Firewall Daily
  • Essentials
    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • World CyberCon India 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • Products
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin

© 2023 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
Top 10 CISOs to Follow in 2023 Top 10 Ransomware Gangs in 2023 Top 5 IoT Security Risks in 2023 Top 10 CTF Platforms in 2023 Types of Risks Covered by Cyber Insurance