Legal spyware

The Swiss newspaper “Schweizer Sonntagszeitung” recently published an article on malware experiments conducted by the Swiss Department of the Environment, Transport, Energy and Communications. The full article, in German, can be found here.

The department is clearly considering the use of spyware that has been specifically developed for tapping into encrypted Voice-over-IP connections (e.g. Skype). It is still unclear whether using such a tool could be made legal. In any event, a judge would have to approve each case in advance, similar to the procedure for monitoring normal telephone calls.

The Swiss company that develops the program (and rather ironically offers installation services for antivirus software on their website) has made some interesting statements. They say that the spyware would only be given directly to the Swiss authorities, and that their program would be undetectable by any firewall or antivirus solution. Of course, the latter statement cannot be verified without a sample, but personally I don’t believe it anyway. We all know that malware can be detected not only by signature-based methods, but also by heuristic and proactive technologies, which antivirus vendors are continuously improving.

On the other hand, even if the spyware could fool all antivirus solutions, it would be highly irresponsible to use such software “in the wild”, no matter what the reason. Sooner or later it would be discovered by other malware developers, and be modified and abused for illegal purposes.

So far this spyware is not in use, and hopefully, that will not change any time soon.
