Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security United States

Data Breach Exposes US Spyware Maker Behind Windows, Mac, Android and Chromebook Malware (techcrunch.com) 25

A little-known spyware maker based in Minnesota has been hacked, TechCrunch reports, revealing thousands of devices around the world under its stealthy remote surveillance. From the report: A person with knowledge of the breach provided TechCrunch with a cache of files taken from the company's servers containing detailed device activity logs from the phones, tablets, and computers that Spytech monitors, with some of the files dated as recently as early June.

TechCrunch verified the data as authentic in part by analyzing some of the exfiltrated device activity logs that pertain to the company's chief executive, who installed the spyware on one of his own devices. The data shows that Spytech's spyware -- Realtime-Spy and SpyAgent, among others -- has been used to compromise more than 10,000 devices since the earliest-dated leaked records from 2013, including Android devices, Chromebooks, Macs, and Windows PCs worldwide. Spytech is the latest spyware maker in recent years to have itself been compromised, and the fourth spyware maker known to have been hacked this year alone, according to TechCrunch's running tally.

This discussion has been archived. No new comments can be posted.

Data Breach Exposes US Spyware Maker Behind Windows, Mac, Android and Chromebook Malware

Comments Filter:
  • Comment removed based on user account deletion
    • by Voyager529 ( 1363959 ) <voyager529@yahoo. c o m> on Thursday July 25, 2024 @09:49AM (#64654524)

      uncle sam, if youd make malware illegal, you wouldnt get so much of it

      Well, the tricky part here is that there's a distinction between malware and spyware in this context. "Spyware" here is shorthand for "employee monitoring software".

      If a company wants the computers it pays for to document what end users are doing on time that the company is also paying for, I can understand this remaining legal. "A good idea" is more of a stretch, but as long as the monitoring is limited to both the hardware and the employee's time, that's something I can appreciate remaining legal.

      The malware part is more of a supply chain attack, and it's really understandable why this is the case: machines running employee monitoring software are fantastic targets. Since the number of computers running EMS are an extreme minority, most operating systems and virus scanners see its behavior as malicious, meaning that those safety measures need to be told to ignore the EMS. Well...you've got a device who's job is to handle privileged data, at companies large enough to implement such software, with exclusions made for the sort of malicious data collection that is valuable for illicit activity...you probably couldn't come up with a more valuable target for a supply chain attack if you tried.

    • Not a bad FP, but it's not just the legality. It's the money that drives the companies to act in certain ways. I'd be hard pressed to name a single company these days whose financial model is completely aligned with my interests. Much easier to point at extreme examples of misalignment such as Amazon, Facebook, the vile cesspool formerly known as Twitter, Microsoft, and increasingly the google of EVIL.

      But there's a good joke here. Too bad I'm not able to tell it well. Some flavor of "In America, everything

      • But there's a good joke here. Too bad I'm not able to tell it well. Some flavor of "In America, everything is legal unless it is explicitly defined as illegal". The joke uses various other countries for comparison.

        Probably not quite on the mark, but how about "In Capitalist America, illegal defines YOU!"

      • In Massachusetts, everything is illegal.
        • by shanen ( 462549 )

          Hmm... State-level jokes do seem safer than using national stereotypes. Political correctness and all that stuff...

          • ??? i was quoting a (pretty well-known) meme.
            • you know, humor, AR - AR....
              • by shanen ( 462549 )

                Yeah, I know it was supposed to be a joke, but I think that particular joke would have worked better with Utah or one of the Dakotas or Carolinas...

                But at least I'm feeling a glimmer of hope for the future now. I didn't particularly want to outlive Franklin's republic.

                • I understand. this great experiment needs to continue past my end of life as well. It is a noble idea, which, unfortunately, seems to be being choked to death in this ignoble age.
  • Double Standard? (Score:4, Insightful)

    by cusco ( 717999 ) <<brian.bixby> <at> <gmail.com>> on Thursday July 25, 2024 @09:44AM (#64654506)

    If this company were located in Shanghai or Murmansk all the corporate press would immediately label it a "government-linked spyware maker", whether there were any evidence of that link or not.

    • I don't much care what the motivations for the spyware might be. Whether it's commercial or government-motivated, it's all the same evil to me.

    • China is still purportedly a communist country and claims ownership of most companies. For this reason if it happened in China it WOULD be a government linked spyware.

      Russia does things differently, a real capitalistic society with people free to start their own businesses. They just imprison / kill those capitalists that piss off the government without a fair trial.

      For this reason, a Murmansk spyware company would not be labelled a government linked spyware company,

      • by vbdasc ( 146051 )

        China is still purportedly a communist country

        Marx, Lenin and probably Mao Zedong are rolling in their graves.

        By the way, communism doesn't require that business is state-owned. There was a period in Soviet Russia's 1920's, knows as "NEP" (New Economic Policy) when private business was allowed and it in fact flourished.

  • by kmoser ( 1469707 ) on Thursday July 25, 2024 @12:37PM (#64655074)
    This leaves open the obvious question: does this leak give Apple and Google enough information to harden their OSes to prevent such spyware from being installed without the user's explicit consent, thereby rendering the malware useless? And will they actually do something about it?
    • This is software that is used to spy on the users of a device, not the owners. The user's consent is not wanted nor sought.
  • shocked (Score:4, Funny)

    by nomadic ( 141991 ) <{moc.liamg} {ta} {dlrowcidamon}> on Thursday July 25, 2024 @01:09PM (#64655188) Homepage

    I am shocked that a company named *checks article* "Spytech" was making spyware.

    • by vbdasc ( 146051 )

      You will be even more shocked to learn that Microsoft Internet Explorer was in fact created by a company named "Spyglass".

  • Those responsible for hacking the people who have just been hacked have been hacked.

This is clearly another case of too many mad scientists, and not enough hunchbacks.

Working...