Secretive Israeli Spyware Company Masquerades as Advocacy Groups, Media Companies
Facebook took down fake accounts used by Iranian cyber-espionage groups, Biden administration to investigate ransomware payments, Stopransomware.gov site launched, "Freedom Phone" is a ripoff, more
Check out my latest column focusing on the flurry of anti-ransomware initiatives announced by the Biden administration yesterday.
Citizen Lab and Microsoft report that a secretive Israel-based company called Candiru (tracked by Microsoft as Sourgum) sells spyware exclusively to governments; the spyware is capable of infecting iPhones, Androids, Macs, PCs, and cloud accounts. Many of the websites connected to Candiru masquerade as advocacy organizations such as Amnesty International and the Black Lives Matter movement, media companies, and other civil-society-themed entities.
The spyware, called DevilsTongue by Microsoft, leverages two previously unknown (zero-day) vulnerabilities in Windows. Microsoft said it issued protections this week “to prevent Sourgum’s tools from working on computers that are already infected and prevent new infections on updated computers and those running Microsoft Defender Antivirus as well as those using Microsoft Defender for Endpoint.” (Bill Marczak, John Scott-Railton, Kristin Berdan, Bahr Abdul Razzak, and Ron De…