Hack-for-Hire Spyware Campaign Targets Journalists Across MENA Region
Key Findings: A coordinated hack-for-hire campaign targeting journalists and activists across the Middle East and North Africa has been active since at least 2022, with operations continuing into 2025. The campaign is attributed to Bitter, a threat actor with suspected ties to the Indian government, operating as a likely contracted espionage service. Two Egyptian journalists and critics of their government, Mostafa Al-A'sar and Ahmed Eltantawy, were targeted with sophisticated s
Apr 9 · 3 min read
WhatsApp Warns 200 Users of Fake iOS App with Government Spyware Linked to Italian Vendor
Key Findings: WhatsApp alerted approximately 200 users, primarily in Italy, who were tricked into installing a counterfeit iOS app containing spyware. The fake app was created by Asigint, an Italian subsidiary of spyware company SIO Spa. All affected users have been logged out and advised to uninstall the malicious app and download the official version. WhatsApp is pursuing legal action against Asigint to stop further malicious activity. The attack relied on social engineering tac
Apr 2 · 2 min read
Hackers Abuse Red Alert App to Spy on Israeli Users
Key Findings: Deceptive mobile campaign discovered targeting people in Israel using a fake version of the popular "Red Alert" life-saving app. The app appears to be a modified version of the legitimate "Red Alert" app, which is widely used to provide real-time warnings about incoming rockets. The attack starts with a simple text message claiming there is a technical problem with the current alert system and providing a link to download an updated version. Background: The "Red Aler
Mar 8 · 2 min read
Arsink Spyware Posing as WhatsApp, YouTube, Instagram, and TikTok Hits 143 Countries
Key Findings: Arsink is a dangerous Android Trojan that impersonates over 50 popular brands, including WhatsApp, YouTube, Instagram, and TikTok. The malware has infected over 45,000 devices across 143 countries, with major clusters in Egypt, Indonesia, and Iraq. Arsink grants hackers complete remote control, allowing them to record audio, read text messages, and wipe devices. Background: A massive new
Jan 31 · 2 min read
Frogblight banking Trojan targets Android users in Turkey
Key Findings: In August 2025, Kaspersky researchers discovered a new Android banking Trojan dubbed "Frogblight" targeting individuals in Turkey. The malware initially disguised itself as an app for accessing court case files via an official government webpage, but later adopted more universal disguises like the Chrome browser. Frogblight can use official government websites as an intermediary step to steal banking credentials and has spyware capabilities to collect SMS message
Dec 16, 2025 · 2 min read
CISA Warns of Spyware Targeting Signal and WhatsApp Users
Key Findings: CISA has issued an alert warning of threat actors actively using commercial spyware and remote access trojans (RATs) to target users of mobile messaging apps like Signal and WhatsApp. The attackers employ sophisticated social engineering and targeting techniques to deliver spyware and gain unauthorized access to victims' messaging apps, enabling further device compromise. The targeting appears opportunistic but often focuses on high-value individuals such as gove
Nov 25, 2025 · 2 min read
Malicious DNG Images Exploited Samsung Zero-Day to Deliver LANDFALL Spyware
Key Findings: Researchers discovered a previously unknown Android spyware family dubbed LANDFALL, which leveraged a zero-day vulnerability (CVE-2025-21042) in Samsung's image processing library to compromise Galaxy devices. The campaign, active since mid-2024, appears to have targeted users in the Middle East, with the spyware embedded inside malicious DNG image files sent through WhatsApp. The exploit relies on malformed DNG (Digital Negative) image files, exploiting a flaw i
Nov 9, 2025 · 2 min read
"Landfall Spyware Targets Samsung Phones in the Middle East"
Key Findings: A new commercial-grade spyware called "Landfall" has been targeting Samsung Galaxy phones in the Middle East since at least mid-2024. Landfall exploited a previously unknown, unpatched vulnerability (zero-day) in Samsung's Android image processing library, tracked as CVE-2025-21042. The spyware was delivered through malicious DNG image files sent via WhatsApp, with no user interaction required (zero-click). Landfall has extensive surveillance capabilities, inclu
Nov 7, 2025 · 2 min read
