The Persistent Threat Posed by Mobile Spyware: How All Businesses and Government Agencies Continue to Be Exposed


On March 27, 2023, the Biden Administration issued an Executive Order (EO) prohibiting government agencies from using and acquiring hacking tools, such as commercial spyware. According to senior administration officials, the order “is intended to grapple with the rapidly growing and lucrative international marketplace of cyber-intrusion tools that can break into someone’s phone—often with malware that doesn’t require the victim to click on a malicious link or attachment—and spy on them undetected for months or years.” (source: Wall Street Journal).

Yesterday, mobile spyware was the subject of two articles in the Wall Street Journal. One of them discussed how Russia supplies Iran with advanced cyber surveillance software, including mobile spyware. The Wall Street Journal stated, “Russia’s PROTEI Ltd has begun providing internet-censorship software to Iranian mobile-services provider Ariantel, according to documents published by the Citizen Lab, a University of Toronto-based research center. Citizen Lab said there is evidence that the PROTEI tools are part of a developing mobile-phone system that would ‘enable state authorities to directly monitor, intercept, redirect, degrade or deny all Iranians’ mobile communications, including those who are presently challenging the regime.’”

This blog is not meant to convey any political messages, but I want to highlight the increasing threats facing government entities and corporations worldwide. It’s no coincidence that these two articles about mobile spyware appeared on the same day in one of the most trusted media outlets. This should be a wake-up call for all CEOs and CISOs. There is no denying that these threats are real and continue to be a growing problem, which isn’t just impacting government entities and high-profile targets like journalists and activists, but is a threat to all corporate employees. Mobile spyware is here to stay and continues to become more harmful.

Have You Checked Your Device for Spyware?

Let’s explore what spyware can do once it’s on your device. Mobile spyware can track a user’s location, access their contacts, read SMS and other messaging-app messages, record audio and video, log keystrokes, and capture live voice and video conversations, among other things. There is hardly any difference in capability between state-sponsored spyware and the spyware bundled with sideloaded applications or apps from third-party app stores.

The real difference in sophistication lies in the installation method. Highly sophisticated spyware such as Pegasus and Predator can be installed without user interaction. For instance, the Predator “spyware-for-hire” surveillance software uses a malicious link as the initial vector to drop a payload on the device, which then installs the spyware. However, spyware can also be installed through other mechanisms, such as social engineering and phishing, rogue Wi-Fi networks, and malicious apps. Regardless of how it’s installed, spyware is dangerous for every corporation.

Several government agencies and commercial organizations are trying to protect against spyware by banning specific applications on their mobile devices. Although this is a step in the right direction, it does not scale. Security teams have very limited visibility into which devices have these rogue or “banned” applications installed. Additionally, much spyware comes in the form of an SDK that can be embedded in hundreds of applications. Lastly, new spyware is released every day, making it nearly impossible to keep track of. In 2022 alone, Zimperium zLabs discovered over 3,000 new spyware samples.

How Zimperium Mobile Threat Defense (MTD) Can Help

To understand your risk posture and defend against mobile spyware, corporations need a solution that can proactively protect against the initial attack vectors, such as rogue Wi-Fi networks, phishing, and malicious or sideloaded apps. The solution must be able to identify and block traffic to these malicious backends, even if the spyware is in the form of an SDK inside another approved application.

Government entities and corporations using the Zimperium Mobile Threat Defense (MTD) solution are protected from spyware and its associated installation mechanisms. Zimperium’s unique phishing protection, delivered through our on-device threat detection engine, is a crucial security feature that prevents users from clicking malicious links and provides privacy-focused, on-device zero-day detection.

To ensure your employees and enterprise are protected from spyware and other pervasive mobile threats, contact us today.

Chief Executive Officer. View the author's experience and accomplishments on LinkedIn.
