The controversial spyware software from NSO Group is again in the news. This time, for being used against 37 journalists, mostly belonging to Al Jazeera. Itโ€™s said the spyware is a zero-click malware that doesnโ€™t leave any trace on the compromised device and has exploited an iMessage vulnerability existing for over a year.

Journalists Spied Through a Spyware!

Zero-Click Vulnerability in Apple iMessageCitizen Lab has uncovered a campaign where dozens of journalists were spied on using the spyware kismet, an NSO Group product. The maker was accused of similar incidents earlier, where it supplied spyware to governments for spying on dissidents and journalists through WhatsApp.

And now, itโ€™s reputedly being used by four operators, two originated from Saudi Arabia and two from UAE, to spy on at least 37 journalists. Out of the four operators found, two were said to have acted on their governmentโ€™s behalf! The spyware deployed was able to access microphone audio, passwords, and remotely capturing photos.

While itโ€™s unknown how itโ€™s distributed, itโ€™s named a zero-click vector as it didnโ€™t leave any digital traces in the device while spying. One victim named Rania Dridi from Al Araby said she might have been targeted for having links to a Saudi Arabian critic and her discussions on womenโ€™s rights.

NSO Group said it was unfamiliar with the matter and will investigate the incident if โ€œcredible evidence of misuseโ€ is observed. Also, it said that it doesnโ€™t have any access to the targetโ€™s data and made its spyware strictly for use against criminals only.

On the other hand, Apple said it couldnโ€™t verify the Citizen Labโ€™s claims but acknowledged the attack as โ€œhighly targetedโ€ and recommended users to upgrade to the latest software version. Operators have reportedly exploited a vulnerability in iMessage, which is existing for over a year.

LEAVE A REPLY

Please enter your comment!
Please enter your name here