Apple Alerts iPhone Users to Mercenary Spyware Attacks

Context

Recently, Apple issued alerts to iPhone users in 92 countries, including India, cautioning them about mercenary spyware attacks, including Pegasus.

The national cyber security agency, the Computer Emergency Response Team (CERT-In), has issued a warning against malware attacks in India.

‘Akira’:

  • A new internet ransomware virus, Akira, is malicious software designed to target both Windows and Linux-based systems.

‘Daam’: 

  • ‘Daam’ is malware that infects Android phones. The virus can hack into your call records, contacts, history and camera.

Raccoon Stealer Malware: 

  • It is information-stealer malware that retrieves sensitive data from infected machines. It is available as Malware-as-a-Service (MaaS).
  • Known as Raccoon Stealer, it is usually delivered through email.

Hermit Spyware: 

  • It is similar to NSO Group’s Pegasus. Once installed, it can make unauthorized calls, record audio on the device, and perform a variety of other unauthorized tasks.

 


Difference Between Malware and Spyware

  • Malware, short for “malicious software,” includes viruses and spyware that can steal personal information, send spam, and commit fraud.
    • Criminals use appealing websites, desirable downloads, and compelling stories to lure consumers to links that will download malware, especially on computers that don’t use adequate security software.
  • Spyware is one type of malware that can monitor or control your computer use.
    • It may be used to send consumers pop-up ads, redirect their computers to unwanted websites, monitor their Internet surfing, or record their keystrokes, which, in turn, could lead to identity theft.

Mercenary Spyware 

  • Mercenary spyware is designed to remotely infiltrate and compromise smartphones and other devices without the knowledge or consent of their users. It is used to monitor movements and communications, steal private data, etc.
  • These attacks are highly complex, targeting specific individuals with exceptional resources, surpassing regular cybercriminal activity and consumer malware.
  • They are difficult to detect and prevent because of the substantial investment behind them and their short lifespan.
  • In some cases, governments, intelligence agencies, and law enforcement bodies have reportedly bought mercenary spyware. Political opponents and activists are often targeted, and it is also used for corporate espionage and financial fraud.

Examples of Mercenary Spyware 

Companies producing mercenary spyware include the NSO Group, FinFisher, and Hacking Team. 

  • NSO Group’s flagship spyware Pegasus, which has been bought by various governments, helps infiltrate devices remotely and access calls, emails, messages, and other files. 
  • FinFisher’s products like FinSpy can capture keystrokes and access data, besides activating microphones and cameras without permission.
  • The Hacking Team’s Galileo, aka Remote Control System (RCS), can also capture keystrokes and record video calls, besides accessing the camera and microphone.

Communication Surveillance in India:

  • In India, it takes place primarily under two laws: the Telegraph Act, 1885 and the Information Technology Act, 2000.
    • While the Telegraph Act deals with interception of calls, the IT Act was enacted to deal with surveillance of all electronic communication, following the Supreme Court’s intervention in 1996. 
    • A comprehensive data protection law to address the gaps in existing frameworks for surveillance is yet to be enacted.

Pegasus Spyware

  • Pegasus is a spyware developed and marketed by Israeli cybersecurity firm NSO. 
  • Pegasus has the ability to execute operator commands, and send back private data, passwords, contact lists, calendar events, text messages, and live voice calls.


Types of Malware

  • Ransomware: In a ransomware attack, an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment.
  • Fileless Malware: Fileless malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack.
  • Spyware: Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.
  • Adware: Adware is a type of spyware that watches a user’s online activity in order to determine which ads to show them.
  • Trojan: A trojan is malware disguised as legitimate software, such as native operating system programs or harmless files like free downloads.
  • Worms: A worm is a self-contained program that replicates itself and spreads its copies to other computers.
  • Rootkits: Rootkit malware is a collection of software designed to give malicious actors control of a computer network or application.
    • Bootkits take this a step further by infecting the master boot record before the operating system starts at boot-up, at times going undetected.
  • Mobile Malware: Mobile malware is any type of malware designed to target mobile devices. It is delivered through malicious downloads, operating system vulnerabilities, phishing, smishing, and the use of unsecured WiFi.
  • Exploits: An exploit is a piece of software or data that opportunistically uses a defect in an operating system or an app to provide access to unauthorized actors.
  • Scareware: Scareware tricks users into believing their computer is infected with a virus.
  • Keylogger: Keyloggers are tools that record what a person types on a device. In a keylogger attack, the keylogger software records every keystroke on the victim’s device and sends it to the attacker.
  • Botnet: A botnet is a network of computers infected with malware that are controlled by a bot herder. The bot herder is the person who operates the botnet infrastructure and uses the compromised computers to launch attacks designed to crash a target’s network, inject malware, harvest credentials or execute CPU-intensive tasks.
  • MALSPAM: Malicious spam (MALSPAM) delivers malware as the payload via emails containing malicious content, such as virus- or malware-infected attachments.

 
