Meta Platforms, formerly known as Facebook, has disclosed efforts to combat malicious activity from eight surveillance-for-hire firms based in Italy, Spain, and the United Arab Emirates (U.A.E.). The findings, part of Meta’s Adversarial Threat Report for Q4 2023, highlight the targeting of iOS, Android, and Windows devices by these spyware entities.
Malicious Capabilities of Spyware
According to Meta, the spyware from these firms was designed to collect a wide array of sensitive information from infected devices. This included access to device information, location data, photos and media, contacts, calendar events, emails, SMS messages, as well as access to microphone, camera, and screenshot functionality.
Firms Engaged in Unethical Practices
The eight companies identified by Meta are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries. These firms were found to be engaging in scraping, social engineering, and phishing activities, targeting platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, and others.
Examples of Deceptive Practices
One example cited by Meta involved a network of fake personas associated with RCS Labs, owned by Cy4Gate, which deceived users into providing personal information such as phone numbers and email addresses. Variston IT, another firm, used now-removed Facebook and Instagram accounts for exploit development and testing purposes.
International Cooperation and Countermeasures
In response to these threats, Meta has taken action against networks from China, Myanmar, and Ukraine that exhibited coordinated inauthentic behavior (CIB). The company removed over 2,000 accounts, Pages, and Groups from its platforms.
To counter the surveillance industry’s activities, Meta has introduced new security features. These include Control Flow Integrity (CFI) on Messenger for Android and VoIP memory isolation for WhatsApp, aimed at making exploitation harder and reducing the overall attack surface.
Ongoing Threats and New Surveillance Tools
Despite these efforts, the surveillance industry continues to evolve. Recent discoveries include Patternz, a surveillance tool leveraging real-time bidding (RTB) advertising data from popular apps like 9gag and Truecaller. Another tool, MMS Fingerprint, allegedly used by NSO Group, exploits a security hole in mobile network protocols.
While there is no evidence that these tools have been exploited in the wild in recent months, they underscore the ongoing challenges posed by sophisticated surveillance tactics and the need for robust cybersecurity measures.
