This Italian spyware can steal data from your Android device
What's the story
Osservatorio Nessuno, an Italian digital rights organization, has uncovered a new malware called Morpheus. The spyware disguises itself as a phone update app and can steal a wide range of data from the target's device. The discovery highlights the high demand for spyware among law enforcement and intelligence agencies, which has led to the emergence of many companies providing such technology, some of which are not publicly known.
Connection revealed
Morpheus linked to IPS, an Italian company
The Osservatorio Nessuno report links the Morpheus spyware to IPS, an Italian company that has been in business for over 30 years. The firm is known for providing lawful interception technology, tools used by governments to capture real-time communications. IPS operates in more than 20 countries and counts several Italian police forces among its customers. However, the company has not yet commented on this recent discovery.
Spyware strategy
Researchers call Morpheus 'low cost' spyware
The researchers describe Morpheus as "low cost" spyware because it relies on a basic infection method: tricking targets into installing the malware themselves. This is in stark contrast to more advanced government spyware makers like NSO Group and Paragon Solutions, which allow their customers to use invisible infection techniques. Those techniques exploit expensive, hard-to-find vulnerabilities to break through a device's security defenses without being detected.
Telecom involvement
Cellphone provider played major role in installation
In this case, the target's cellphone provider played a major role in the spyware installation. The company deliberately blocked the target's mobile data and sent them an SMS telling them to install an app that was supposed to help update their phone and regain cellular data access. This tactic has been seen before in other cases involving Italian spyware makers.
Spyware operation
Once installed, spyware impersonated WhatsApp to steal data
Once installed, the Morpheus spyware exploited Android's accessibility features to read data on the victim's screen and interact with other apps. It was designed to steal all sorts of information from the device. The malware then faked an update, displayed a reboot screen, and impersonated WhatsApp to trick the target into providing their biometrics. This let the spyware add a device to the target's WhatsApp account, giving it full access to that account.
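For defenders triaging a handset, the combination described above (an app installed from outside the app store that also holds an accessibility service) can be checked from adb output. The following is an added example, not code from the Osservatorio Nessuno report; the sample output, the package name com.example.phoneupdate and the trusted-installer list are constructed assumptions.

```python
import re

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.phoneupdate/.UpdateService")

# Constructed sample of: adb shell pm list packages -i
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.whatsapp  installer=com.android.vending
package:com.example.phoneupdate  installer=null
"""

# Assumption: only Google Play counts as a trusted installer on this device.
TRUSTED_INSTALLERS = {"com.android.vending"}


def parse_a11y(raw):
    """Return package names of enabled accessibility services (pkg/class list)."""
    raw = raw.strip()
    if not raw or raw == "null":          # the setting is 'null' when none are enabled
        return []
    return [comp.split("/", 1)[0] for comp in raw.split(":") if comp]


def parse_installers(raw):
    """Map package name -> installer package (None when reported as null)."""
    installers = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers


def flag_sideloaded_a11y(a11y_raw, pm_raw, trusted=TRUSTED_INSTALLERS):
    """List accessibility-enabled packages whose installer is not trusted.

    Preinstalled system apps can also report installer=null, so each
    finding is a lead for manual review, not a verdict.
    """
    installers = parse_installers(pm_raw)
    findings = []
    for pkg in parse_a11y(a11y_raw):
        inst = installers.get(pkg)
        if inst not in trusted:
            findings.append((pkg, inst or "unknown/sideloaded"))
    return findings


if __name__ == "__main__":
    for pkg, inst in flag_sideloaded_a11y(SAMPLE_A11Y, SAMPLE_PM):
        print(f"review: {pkg} has an accessibility service, installer={inst}")
```

On the WhatsApp side, the device added by the spyware would appear in the account's Linked devices list, which is the place to look for and remove an unrecognized session.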
Activism link
Researchers suspect political activism link in this case
The researchers behind the Osservatorio Nessuno report believe that the attack involving the Morpheus spyware is "related to political activism" in Italy. They suspect this type of targeted attack is very common these days.