Android commercial spyware

There’s certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools. In reality, however, these apps barely differ from spyware, with the exception perhaps of the installation method. There’s no need to even resort to Tor Browser or other darknet activity either – all you need to do is type something like “android spy app” into Google.

They are called ‘commercial’ because anyone can buy an app like this for just a few dollars.

Kaspersky Lab mobile products detect this sort of commercial Android spyware as not-a-virus:Monitor.AndroidOS.*. According to our telemetry, the popularity of these apps has been growing in recent years:

Unique users attacked by not-a-virus:Monitor.AndroidOS.*, 2016-2017

That’s why we decided to take a closer look at this controversial type of mobile software.


Almost all commercial spyware apps are installed by manually accessing the target’s phone, and this is the only big difference between these apps and classic malicious spyware like DroidJack or Adwind. Customers have to download the app, install it and enter credentials that are received after purchasing. After that, the spying app becomes invisible on the phone. Installation usually only takes a couple of minutes.

Regular installation process

Some of these tools use device admin features to gain persistence and self-protection on the target’s phone.

So what does the customer get? Features may vary, but some of them are present in almost all these kinds of apps:


  • Stealing SMSs
  • Stealing calls (logs/recordings)
  • GPS tracking
  • Stealing browser data (history/bookmarks)
  • Stealing stored photos/videos
  • Stealing address books (with emails and even photos sometimes)

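The feature list above maps to a recognizable permission profile, which is what a defender can triage on. The script below is an added example, not code from the Securelist post: it scores an AndroidManifest.xml for the data-theft permissions behind those features, a device admin receiver (the persistence and self-protection mechanism mentioned above) and the absence of a launcher icon. The permission-to-feature mapping, the scoring thresholds and both sample manifests are assumptions made here.

```python
# Added example, not code from the Securelist post: heuristic triage of an
# AndroidManifest.xml for the profile shared by commercial "monitor" apps.
# The mapping, thresholds and sample manifests below are assumptions.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME, PERMISSION = "{%s}name" % ANDROID_NS, "{%s}permission" % ANDROID_NS

# Capabilities from the feature list and the permissions that grant them.
CAPABILITIES = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "calls": {"android.permission.READ_CALL_LOG", "android.permission.PROCESS_OUTGOING_CALLS"},
    "gps": {"android.permission.ACCESS_FINE_LOCATION"},
    "surrounding_voice": {"android.permission.RECORD_AUDIO"},
    "contacts": {"android.permission.READ_CONTACTS"},
}

def triage_manifest(manifest_xml: str) -> dict:
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NAME) for e in root.iter("uses-permission")}
    caps = sorted(c for c, needed in CAPABILITIES.items() if perms & needed)
    # A receiver protected by BIND_DEVICE_ADMIN is a device admin component.
    device_admin = any(e.get(PERMISSION) == "android.permission.BIND_DEVICE_ADMIN"
                       for e in root.iter("receiver"))
    # No LAUNCHER category means nothing appears in the app drawer.
    hidden_icon = not any(c.get(NAME) == "android.intent.category.LAUNCHER"
                          for c in root.iter("category"))
    score = len(caps) + 2 * device_admin + 2 * hidden_icon
    verdict = "monitor-like" if score >= 6 else "review" if score >= 3 else "low"
    return {"capabilities": caps, "device_admin": device_admin,
            "hidden_icon": hidden_icon, "score": score, "verdict": verdict}

# Constructed sample: the profile of a typical commercial monitor app.
MONITOR_MANIFEST = """<manifest xmlns:android="%s" package="com.example.monitor">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>""" % ANDROID_NS

# Constructed sample: an ordinary messaging app with a visible launcher icon.
MESSENGER_MANIFEST = """<manifest xmlns:android="%s" package="com.example.chat">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".Main"><intent-filter>
      <category android:name="android.intent.category.LAUNCHER"/></intent-filter></activity>
  </application>
</manifest>""" % ANDROID_NS
```

Each permission on its own is common in benign apps; the combination with a device admin receiver and no launcher entry is what separates the monitor profile from a messaging app.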
And if you’re still not impressed, then check out the actual feature lists (in addition to the above) of some popular commercial spyware for Android. We have added the infamous Pegasus APT and Droidjack spyware to our comparison table below to show the difference in features between them and monitoring apps. Pegasus is an advanced persistent threat, created by NSO Group. Droidjack is a RAT that was sold some time ago for a $210 lifetime license. This tool is more akin to TrojWare, because of features such as remote installation and customization of your own C&C server. However, even after several users in European countries were arrested, malware author Sanjeevi claimed that Droidjack is “very useful for users who use it legally”. He stated that “Droidjack is a parental tool for remote Android administration. It is strictly meant for that and no other reasons”. Anyone who breaks these rules, adds Sanjeevi, will have their license revoked.

Features compared (table columns, left to right): stealing emails; stealing surrounding voice; stealing scheduled tasks/calendar/notes; stealing social media/IM data; backdoor behavior (e.g., remote control); photo/video/screenshot capture; keylogging; stealing clipboard. A “+” marks a feature the product has.

Pegasus: + + + + + + + (7 of 8)
DroidJack: + + + + (4 of 8)
TiSpy: + + + + + + + (7 of 8)
Exaspy: + + + + + + (6 of 8)
iKeyMonitor: + + + + + + (6 of 8)
Mobistealth: + + + + + + (6 of 8)
mSpy: + + + + + (5 of 8)
iSpyoo: + + + + + (5 of 8)
SpyHuman: + + + + (4 of 8)
TheftSpy: + + + + (4 of 8)
TheTruthSpy: + + + + (4 of 8)
OneSpy: + + + + (4 of 8)
Highster Mobile: + + (2 of 8)
Spymaster Pro: + + (2 of 8)
DroidWatcher: + + (2 of 8)

This comparison table shows that the difference between known sophisticated spyware and some commercial monitor apps is not that great and, in some cases, monitor applications can even grab more private user information.

Exaspy is an especially interesting case. This is a classic monitor application with a regular manual-access installation method (you have to enter license credentials after installation to start spying):

However, after news about a high-profile victim – a senior executive at a company – this monitor app is considered illegal for now. Note that there are a lot of similar apps that can result in cases like this.

Some special features (spying on social media apps, for example) only work on a rooted device, but the list is still impressive. The ‘Stealing social media/IM data’ feature is particularly important. It means that the spyware is able to attack other social media or messenger apps (depending on the specific product), for example, Facebook, Viber, Skype, WhatsApp, etc. As a result, an attacker can observe messenger conversations, feeds and other personal data from the victim’s social media profile.

These products use the same techniques as standard malicious spyware to steal data, and sometimes on a bigger scale. For example, here is a fragment of code from a commercial application called OneSpy with a list of external attacked applications:

As you can see, the commercial app is interested in all popular social media apps and messengers.

It’s ‘legal’

Above we mentioned that some commercial Android spyware apps like Exaspy were recognized as illegal after investigations. But many commercial spyware applications are still considered legitimate because, according to their sites, they were created “for everyone who needs a helping hand in protection of their loved-ones, their children, family and employees”.

Some of them claim that their products are ‘100% undetectable’. This may be true for the naked eye, but definitely not for our products.

But why do we think commercial spyware poses a danger and why do we detect it? There are several reasons:


  • Almost all commercial spyware is distributed from its own site and landing pages. This results in vendors prompting users to enable the “Allow install of non-market applications” setting. This setting is very important for device safety because enabling it makes an Android device vulnerable to malware installation. For security reasons this method of distribution is contrary to Google policy.
  • Because some spying features only work on a rooted device, many vendors recommend rooting the targeted device. This opens the door for potential malware infection, and moreover, device rooting is contrary to Google policy.
  • Not every vendor can guarantee the safety of personal data, and that applies not only to hacker attacks but also to simple methods of product security.

The last point is very important and our concerns aren’t baseless. I analyzed one commercial spyware app, investigating the vendor’s main site and C&C server. I soon found lots of files that had been uploaded to the server and that turned out to be users’ personal data collected by the app. Private files were stored on the server without any protection and could be accessed by anyone.

uh… security?

Many users of spyware apps who want to monitor the private lives of their relatives simply don’t understand that they may not be the only ones who will have access to such information.

To sum up, installing such apps, even on your child’s device, is a risky step that could lead to malware infection, data leaks or other unpleasant consequences. In our products we use a special technology for Android OS that helps detect dangerous apps capable of violating a customer’s data privacy. There is one simple and very important tip for everyone – always protect your phone with a password, PIN or fingerprint, so an attacker won’t be able to manually access your device.

Read more here:: Securelist

UK Dark Fibre Ruling Forces Ofcom to Revoke Business Connectivity Changes


The UK telecoms regulator has today announced that they are revoking and re-examining the changes imposed under their 2016 Business Connectivity Market Review (e.g. Dark Fibre Access), which follows a BT supported ruling from the Competition Appeal Tribunal against their market definitions. As a quick recap, Openreach were due to launch an Ofcom proposed Dark […]

Read more here:: ISPreview

Want to try Warp? We just enabled the beta for you

Tomorrow is Thanksgiving in the United States. It’s a holiday for getting together with family characterized by turkey dinner and whatever it is that happens in American football. While celebrating with family is great, if you use a computer for your main line of work, sometimes the conversation turns to how to set up the home Wi-Fi or whether Russia can really use Facebook to hack the US election. Just in case you’re a geek who finds yourself in that position this week, we wanted to give you something to play with. To that end, we’re opening the Warp beta to all Cloudflare users. Feel free to tell your family there’s been an important technical development you need to attend to immediately and enjoy!

Hello Warp! Getting Started

Warp allows you to expose a locally running web server to the internet without having to open up ports in the firewall or even needing a public IP address. Warp connects a web server directly to the Cloudflare network where Cloudflare acts as your web server’s network gateway. Every request reaching your origin must travel to the Cloudflare network where you can apply rate limits, access policies and authentication before the request hits your origin. Plus, because your origin is never exposed directly to the internet, attackers can’t bypass protections to reach your origin.

Warp is really easy to get started with. If you use homebrew (we also have packages for Linux and Windows) you can do:

$ brew install cloudflare/cloudflare/warp
$ cloudflare-warp login
$ cloudflare-warp --hostname --hello-world

In this example, replace with the domain you chose at the login command. The subdomain doesn’t need to exist yet in DNS; Warp will automatically add it for you.

That last command spins up a web server on your machine serving the hello warp world webpage. Then Warp starts up an encrypted virtual tunnel from that web server to the Cloudflare edge. When you visit (or whatever domain you chose), your request first hits a Cloudflare data center, then is routed back to your locally running hello world web server on your machine.

If someone far away visits, they connect to the Cloudflare data center closest to them, and then are routed to the Cloudflare data center your Warp instance is connected to, and then over the Warp tunnel back to your web server. If you want to make that connection between Cloudflare data centers really fast, enable Argo, which bypasses internet latency and network congestion by using optimized routes linking the Cloudflare data centers.

To point Warp at a real web server you are running instead of the hello world web server, replace the hello-world flag with the location of your locally running server:

$ cloudflare-warp --hostname http://localhost:8080

Using Warp for Load Balancing

Let’s say you have multiple instances of your application running and you want to balance load between them or always route to the closest one for any given visitor. As you spin up Warp, you can register the origins behind Warp to a load balancer. For example, I can run this on 2 different servers (e.g. one on a container in ECS and one on a container in GKE):

$ cloudflare-warp --hostname --lb-pool origin-pool-1 http://localhost:8080

And connections to will be routed seamlessly between the two servers. You can do this with an existing origin pool or a brand new one. If you visit the load balancing dashboard you will see the new pool created with your origins in it, or the origins added to an existing pool.

You can also set up a health check so that if one goes offline, it automatically gets deregistered from the load balancer pool and requests are only routed to the online pools.

Automating Warp with Docker

You can add Warp to your Dockerfile so that as containers spin up or as you autoscale, containers automatically register themselves with Warp to connect to Cloudflare. This acts as a kind of service discovery.

A reference Dockerfile is available here.
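One way to do that registration at container start, written here as an added example rather than Cloudflare’s reference Dockerfile or Warp code: the entrypoint starts the app, waits until the origin port answers, and only then runs cloudflare-warp with the --hostname and --lb-pool flags from the load-balancing section above. The WARP_* and ORIGIN_PORT variable names, the 30-second timeout and the use of bash are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Cloudflare's reference Dockerfile or Warp code: a
# container entrypoint that starts the app, waits until the origin port
# answers, then registers it with Warp using the flags shown in the post.
# The WARP_* / ORIGIN_PORT variable names and the 30 s timeout are assumed.
set -eu

# Argument list from the post for a load-balanced origin behind Warp.
build_warp_args() {
  local hostname="$1" pool="$2" port="$3"
  printf '%s' "--hostname $hostname --lb-pool $pool http://localhost:$port"
}

# Poll a TCP port until it accepts a connection or the timeout (seconds)
# expires; returns 0 when up, 1 otherwise. Uses bash's /dev/tcp, so the
# image needs no extra tools such as curl or nc.
wait_for_origin() {
  local host="$1" port="$2" timeout="$3" waited=0
  while [ "$waited" -lt "$timeout" ]; do
    if (exec 3<>"/dev/tcp/$host/$port") 2>/dev/null; then
      return 0
    fi
    sleep 1
    waited=$((waited + 1))
  done
  return 1
}

# Register only a live origin: if Warp joined the pool before the app was
# listening, the load balancer could route visitors to a booting container.
main() {
  local hostname="${WARP_HOSTNAME:?set WARP_HOSTNAME}"
  local pool="${WARP_POOL:-origin-pool-1}" port="${ORIGIN_PORT:-8080}"
  "$@" &                       # the application command, e.g. ./server
  if ! wait_for_origin 127.0.0.1 "$port" 30; then
    echo "origin on port $port did not come up" >&2
    exit 1
  fi
  # shellcheck disable=SC2046  # splitting the argument list is intended
  exec cloudflare-warp $(build_warp_args "$hostname" "$pool" "$port")
}

# Use as the image ENTRYPOINT with the app command as arguments; with no
# arguments the file only defines the functions, so it can be sourced.
[ "$#" -eq 0 ] || main "$@"
```

Because `exec` replaces the entrypoint with cloudflare-warp, the tunnel is the container’s main process and the orchestrator restarts the whole unit, app and registration together, if it dies.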

Requiring User Authentication

If you use Warp to expose dashboards, staging sites and other internal tools to the internet that you don’t want to be available for everyone, we have a new product in beta that allows you to quickly put up a login page in front of your Warp tunnel.

To get started, go to the Access tab in the Cloudflare dashboard.

There you can define which users should be able to login to use your applications. For example, if I wanted to limit access to to just people who work at Cloudflare, I can do:


Enjoy the Warp beta! (But don’t wander too deep into the Warp tunnel and forget to enjoy time with your family.) The whole Warp team is following this thread for comments, ideas, feedback and show and tell. We’re excited to see what you build.

Read more here:: CloudFlare

Cumulus community: giving back and giving thanks

It’s that time of year when people start to get a little sentimental. The seasons change, the new year starts to hurriedly approach, and it makes you want to think about all of the things you’re grateful for. And like a contagious laugh, it looks like some of us here at Cumulus have caught those feelings. We’ve got a lot to give thanks for, so let’s take a moment to reflect on the year so far and all the bounty it’s brought us. Here are some of the things Cumulus Networks is thankful for:

Our company’s continued growth

It’s been an eventful year for Cumulus as we’ve continued to push the boundaries of web-scale networking. So when we receive recognition for our hard work and vision, it means the world to us. This July, we were incredibly grateful to be included in Gartner’s 2017 Magic Quadrant for Data Center Networking in the “visionary” category. Creating a culture of visionaries is incredibly important to us, and it’s great to hear that other people are catching on as well. But the celebration doesn’t stop there. In addition to being recognized for our vision, we were also honored for our innovation this year. Recently, Cumulus Networks was inducted into the JPMorgan Chase Hall of Innovation as a result of our innovation, business value and disruptive nature. We were incredibly humbled by this award, as it shows just how much our team and our loyal customer community can achieve together.

Our team’s latest developments

The Cumulus team has put a lot of hard work and passion into our latest innovations, so let’s give a shout-out to some of the greatest technical accomplishments this year. For starters, we launched NetQ, a telemetry-based fabric validation system that ensures your network is behaving as intended. The team shortly followed up with Host Pack, software essentials for the host that make container networking a breeze. Then, to give people an easy, completely cost-free way to demo these great products, we developed Cumulus in the Cloud, a prebuilt virtual data center that anyone can use to deploy and test Cumulus technology.

We also made some impressive developments outside of new releases, and dipped our toes into some previously unexplored mediums. In August, Chief Scientist Dinesh Dutt, in conjunction with O’Reilly Media, published the wildly popular book BGP in the Data Center. This handy guide covers the theory, design and operationalization of BGP in data center networks to help you navigate the most popular routing protocol for data centers.

Our team must have really been in an educating mood this year, because in addition to books, blogs and webinars, we added a completely new segment to the learn section of our website. If you’re looking to learn more about web-scale networking, our new how-to video series is for you. Whether you’re configuring IP addresses, preparing to automate your data center or wondering about the differences between traditional versus Linux networking, our highly-qualified instructors will walk you through everything you need to know.

Our local community

Open source networking is all about giving back to the community, and the people at Cumulus believe in that message. So much so, that for the second year in a row, we are proud to participate in the Second Harvest Food Bank. This organization reaches out to members of the Silicon Valley community to donate food to families in need. Our team also recently participated in the Family Giving Tree Back-to-School Drive, and we collected over forty backpacks filled with school supplies for underprivileged children in our local community. It’s been great to watch Cumulus employees band together and show that the Linux Kernel isn’t the only community we contribute to.

The people who make Cumulus great

Last, but certainly not least, we have to give our biggest thank you to the fantastic Cumulus community. And we mean every single member of this community. Whether you’re a customer, a partner, a Cumulus champion or someone who just appreciates what we do, your continuous support means everything to us.

Thank you for being a part of the web-scale revolution, and we wish you all the best this holiday season!

The post Cumulus community: giving back and giving thanks appeared first on Cumulus Networks Blog.

Read more here:: Cumulus Networks

VyprVPN review: A good non-American, American VPN

VyprVPN in brief:

P2P allowed: Yes

Business location: Switzerland

Number of servers: 700+

Number of country locations: 64

Monthly cost: $5 billed annually

Golden Frog’s VyprVPN is a well-known and popular name among VPN aficionados. The price is affordable enough with two payment tiers, the speeds are good, and the company says it owns and manages 100 percent of its infrastructure. It’s also got something of a storied history—as far as Internet companies go—as it was founded by two co-founders of Giganews, a popular Usenet provider.


Read more here:: IT news – Security

Pre-Friday Deals: Amazon’s Highest Rated Tech Deals Under $25 – Deal Alert

If you need some practice buying stuff before the big day (Black Friday), Amazon has released a boat load of deals in these days leading up to it. What we’ve done here is simply filtered their list of current deals down to the tech categories we care about, and only the deals $25 or less with 4 or 5 star ratings. Discounted USB cords, chargers, phone accessories, BlueTooth speakers, splitters, and other gadgets. Here it is: An impulse shopper’s dream/nightmare. Enjoy!


Read more here:: IT news – Hardware Systems