
An Italian digital rights organization, Osservatorio Nessuno, has brought to light a new Android spyware operation, revealing evolving tactics in digital surveillance. In a report published on Thursday, the group introduced "Morpheus," a previously undocumented surveillance tool that researchers have attributed to IPS, an Italian company with a history spanning over 30 years in providing lawful interception technologies. This discovery underscores the persistent and often clandestine efforts by various entities to develop and deploy tools for digital espionage, suggesting a high demand for such capabilities among law enforcement and intelligence agencies.
Unlike the sophisticated and costly "zero-click" exploits famously utilized by prominent industry players such as NSO Group and Paragon Solutions, Morpheus employs a more rudimentary yet highly effective infection mechanism. Classified by researchers as "low cost" spyware, its deployment relies heavily on social engineering combined with direct network interference. The initial breach involved a deliberate blocking of the target's mobile data by their cellular provider. Subsequently, the telecom provider sent an SMS prompt to the target, instructing them to install an application supposedly designed to update their phone and restore internet connectivity, a strategy that has been documented in other similar cases involving Italian spyware makers.
Once successfully installed, Morpheus masquerades as a legitimate phone updating application, capable of stealing a broad array of sensitive data from the compromised device. The malware initiates a deceptive fake update process, displays a simulated reboot screen, and then spoofs the WhatsApp application. During this spoofed interaction, the target is prompted to provide biometric authentication, ostensibly to verify their identity. Unbeknownst to the user, this biometric input grants the spyware full, unauthorized access to their WhatsApp account by surreptitiously adding a new device to the account.
Osservatorio Nessuno's researchers, identified as Davide and Giulio, meticulously linked Morpheus to IPS based on compelling forensic evidence derived from the spyware's infrastructure. Key indicators included an IP address associated with the campaign that was registered to "IPS Intelligence Public Security." The analysis also uncovered several fragments of code containing Italian phrases, a recurring signature within the Italian spyware industry. These linguistic clues included references to "Gomorra," a well-known book and TV show about the Neapolitan mob, and even the word "spaghetti."
The emergence of Morpheus highlights a significant and expanding demand for surveillance technology among Italian police forces and broader intelligence agencies, with numerous companies operating to meet this need, often outside public scrutiny. This "low cost" approach differentiates Morpheus from high-end government spyware, which typically leverages expensive and hard-to-find zero-click vulnerabilities for stealthy, invisible infections. IPS’s entry into this specific segment positions it as the latest in a series of Italian spyware makers that have emerged to fill the vacuum left by the defunct Hacking Team. Hacking Team, once a dominant force in the global spyware market, especially within Italy, faced significant setbacks after being hacked and subsequently rebranded.
The ongoing investigation into Morpheus also draws attention to a pervasive landscape of digital surveillance in Italy, where researchers have previously exposed several other developers, including CY4GATE, eSurv, GR Sistemi, Movia, Negg, Raxir, RCS Lab, and SIO. A recent incident earlier this month saw WhatsApp notifying approximately 200 users who had inadvertently installed a fake version of the app, which was in fact spyware developed by SIO. This context is further complicated by past events, such as Italian prosecutors suspending their use of CY4GATE and SIO spyware in 2021. The researchers behind the Morpheus report believe the current attack is "related to political activism" in Italy, a domain where such targeted digital assaults are regrettably common.
Ultimately, the unearthing of Morpheus carries profound implications for global digital privacy, cybersecurity, and the integrity of modern communication platforms. The reliance on manipulating trusted telecom providers to facilitate the initial breach raises serious questions about the inherent vulnerabilities of foundational digital services and the potential for their misuse in surveillance operations. The broad data exfiltration capabilities, coupled with the sophisticated social engineering tactics and exploitation of standard Android features, underscore the persistent and evolving threat posed by such tools.