Italian digital rights organization Osservatorio Nessuno has uncovered new spyware named Morpheus, which is disguised as a phone update application. The malware is engineered to extract a wide array of data from the devices of unsuspecting users.
The report indicates that the demand for spyware from law enforcement agencies is escalating, prompting numerous companies to enter this shadowy market. The spyware in question is linked to IPS, an Italian firm with over three decades of experience in lawful interception technology, which enables governments to monitor real-time communications over phone and internet networks.
IPS claims to operate in over 20 countries, primarily providing services to various Italian police forces. However, the existence of its spyware product remained largely undisclosed until now. The researchers categorized Morpheus as a "low-cost" spyware due to its reliance on a basic infection method that tricks targets into installing the software themselves.
More sophisticated spyware providers, like NSO Group and Paragon Solutions, use advanced techniques known as zero-click attacks, which let them breach devices without any user interaction. In contrast, Morpheus relies on the target's mobile provider intentionally restricting data access and then sending an SMS that prompts the user to install what appears to be a legitimate update.
Once installed, Morpheus exploits Android's accessibility features, enabling it to read screen data and interact with other applications. The malware is capable of accessing a wealth of information, including personal messages and contacts.
The spyware also mimics a system update, presenting a fake reboot screen and even impersonating the WhatsApp application to solicit biometric data from the user. This tactic grants the spyware full access to the victim's WhatsApp account, a method previously observed in various spy campaigns targeting individuals in Italy and Ukraine.
Decoding the Spyware's Origins
Researchers Davide and Giulio from Osservatorio Nessuno established a connection between the spyware and IPS based on specific IP addresses linked to the company. They also noted the presence of Italian language fragments within the malware's code, a peculiar trait that has emerged among Italian spyware developers.
While the exact target of the Morpheus spyware remains undisclosed, the researchers suspect it is related to political activism in Italy, a context where such targeted attacks are increasingly prevalent. A cybersecurity expert corroborated their findings, affirming that the malware is indeed developed by an Italian surveillance technology firm.
The emergence of IPS as a significant player in the spyware industry underscores a broader trend of Italian companies filling the void left by the now-defunct Hacking Team. This shift highlights the ongoing evolution of digital surveillance technology and its implications for privacy and security.
As digital surveillance continues to evolve, such developments raise important questions about privacy, security, and the ethical use of technology in the future.