Israeli spyware found on Palestinian, Russian, Turkish computers
Spyware made by Israeli hacker-for-hire company Candiru has been traced on several computers in countries across Europe and the Middle East, according to reports in ESET's 2021 Threat Report.
Candiru's DevilsTongue malware was found on 10 computers in Albania, Russia, Israel, Palestine and Turkey, according to research conducted in July by Citizen Lab and Microsoft Threat Intelligence Center.
Candiru's products include solutions for spying on mobile phones, computers, and cloud accounts. According to the research, DevilsTongue malware "is sold to third parties, which can abuse it to spy on various victims, including human rights defenders, dissidents, journalists, activists, and politicians".
ESET found that the malware was highly targeted: each infected computer contained a unique PE (Portable Executable) resource, which differed from victim to victim.
Candiru's tracks are largely hidden, as the company does not appear to have a website, nor does it have many traces online.
According to Citizen Lab, the spyware firm "has undergone several name changes" since it was founded in 2014 and reportedly recruits staff from the Israeli Defence Force’s (IDF) intelligence subdivision, Unit 8200.
Similar to NSO Group, Candiru restricts its customer base to approved countries only. Citizen Lab used internet scanning to find the spyware infrastructure linked to many well-known websites, including Amnesty International, the Black Lives Matter movement and other media companies.
In July, NSO's Pegasus scandal made international headlines when governments faced allegations that they used Israeli-made malware to spy on the phones of activists, journalists, corporate executives, and politicians.