surveillance Archives

AppWizard

August 9, 2025

Decentralizing Trust — An Interview with the Team Behind Session Messenger

Session is a decentralized messaging platform that prioritizes user anonymity and metadata resistance. It operates on a network of community-operated servers, eliminating central authority and personal identifiers such as phone numbers or emails for account creation. This design minimizes risks of data breaches and unauthorized tracking. Session does not collect user metadata, which distinguishes it from other messaging apps that may expose user insights through metadata. Users are assigned randomly generated cryptographic keys instead of traditional identifiers, ensuring secure messaging. Messages are routed via a protocol called Onion Requests, which strips metadata during transmission. The platform is open-source, benefiting from community contributions, and aims to enhance user privacy by employing anonymous routing. Recent developments include a migration to the Session Network for improved accessibility and security, and a move to Switzerland for better data protection. Session is introducing a Pro tier to enhance user experience while maintaining free access for all. The platform emphasizes the importance of transparency and robust design in communication tools.

Tech Optimizer

August 6, 2025

Android spyware posing as antivirus

A new Android spyware campaign called LunaSpy has emerged, disguising itself as an antivirus or banking protection application. It spreads through deceptive messenger links and fraudulent channels, tricking users into downloading it. Once installed, LunaSpy mimics a legitimate scanner and fabricates threat detections while secretly monitoring device activities and stealing sensitive data. Since February 2025, it has been spreading through hijacked contact accounts and new Telegram channels. Users are advised to avoid downloading apps from unofficial links, scrutinize messenger invitations, and only install applications from reputable app stores. Employing reliable antivirus software and being cautious with permissions can enhance device security.

AppWizard

August 6, 2025

Fake Antivirus App Delivers LunaSpy Malware to Android Devices

A cybercrime campaign is targeting Android users with counterfeit antivirus applications that install LunaSpy spyware on devices. This campaign has been active since at least February 2025 and spreads through messaging apps and fake Telegram channels. Cybercriminals use social engineering tactics to trick users into installing the malware by presenting it as legitimate security software. Once installed, the app performs fake scans and generates alarming reports to manipulate users into granting extensive permissions, allowing access to personal data, including passwords and financial details. LunaSpy can steal passwords, record audio and video, access text messages, track locations, and capture screen activity. It communicates with attackers through around 150 domains and IP addresses. Users are advised to avoid unofficial software sources and be cautious with download requests.

AppWizard

August 6, 2025

Russia mandates use of new state-controlled messaging app

The Kremlin is launching Max, a state-controlled messaging application for government officials, with a full implementation deadline of September 2025. Developed by VK Company, Max integrates various government services and financial transactions, raising privacy concerns. The Russian government plans to phase out foreign apps like WhatsApp, which currently has a 70% user base. Max will be pre-installed on all new devices sold in Russia starting September 2025. As of July 2025, over 2 million users have registered on the app, which has been labeled a "digital gulag" by cybersecurity experts due to its potential for state-sponsored surveillance. Human rights organizations are concerned about its impact on digital freedoms amid increasing government suppression of dissent.

AppWizard

July 29, 2025

ANDROID MALWARE POSING AS INDIAN BANK APPS

The report discusses a sophisticated Android malware targeting users in India, which disguises itself as legitimate banking applications to steal credentials and conduct unauthorized financial activities. The malware employs advanced techniques such as silent installation, exploitation of Android permissions, and remote command execution to avoid detection. It utilizes Firebase for command-and-control operations and phishing pages that mimic real banking interfaces. The malware consists of a modular architecture with a dropper and a main payload. The dropper requests several Android permissions, including ACCESSNETWORKSTATE, REQUESTINSTALLPACKAGES, and QUERYALLPACKAGES, which facilitate reconnaissance and persistence. The dropper uses a silent installation mechanism to load additional payloads without user awareness. The main payload requests permissions that enable data theft and stealthy operation, such as READSMS, SENDSMS, and RECEIVEBOOTCOMPLETED. It hides itself from the user's app list and employs separate classes for specific malicious tasks, including harvesting user credentials and collecting debit card information. The phishing page mimics a legitimate banking app to capture user data effectively. The malware also monitors incoming SMS messages, extracts critical metadata, and can silently forward calls to an attacker-controlled number. A specific APK sample impersonating an Indian banking application was observed on April 3, 2025, highlighting ongoing trends in mobile-based credential theft and financial fraud. Recommendations include enforcing stricter mobile application security standards, launching public awareness campaigns, implementing threat intelligence-driven filtering, and deploying mobile endpoint detection solutions.

AppWizard

July 28, 2025

Alert for Android users: Experts say these apps could be spying on you

A comprehensive investigation by Which? and Hexiosec analyzed 20 popular Android applications, revealing that all request permissions that could compromise user privacy. The Xiaomi Home app had the highest number of permission requests at 91, followed by Samsung SmartThings with 82, Facebook with 69, and WhatsApp with 66. While some permissions are necessary for functionality, the excessive requests raise concerns about digital surveillance. TikTok faced scrutiny for its audio recording and device file access requests, while Temu was criticized for excessive promotional emails linked to its location access. Amazon defended its camera access requests as enhancing user experience, and Meta stated that its apps do not use the microphone without user involvement. The investigation highlights the trade-off between free services and the collection of personal data.

AppWizard

July 27, 2025

Inside Putin’s attempt to construct a ‘digital gulag’ spy app to snoop on Russians

The new messenger app Max, developed by VK, will be a standard feature on all new digital devices sold in Russia starting this September. It aims to integrate messaging, video calls, government services, and mobile payments. Experts express concerns that Max could enhance Kremlin surveillance capabilities, as its servers will be governed by local laws allowing the FSB to access user data. There is an increasing likelihood of a ban on WhatsApp, which is currently used by over 70% of Russians, as part of a strategy to promote Max. Opposition journalist Andrey Okun describes Max as a tool for creating a "digital gulag," while experts note it normalizes state surveillance of internet usage in Russia. The Russian government has designated WhatsApp as an extremist organization, and tactics may be employed to transition users to Max. Although the shift may not change the organized opposition landscape significantly, it could discourage casual dissent. Historically, the government has attempted to block services like Telegram, with renewed efforts expected by the end of the year.

Winsage

July 27, 2025

Windows 10 is the reason why we are so conscious about privacy now

Microsoft introduced the Recall feature in Windows 11 about a year ago, which was intended to record and remember users' activities. The feature faced significant backlash over privacy concerns, leading to its retraction. Users were uncomfortable with the idea of Microsoft recording their actions, despite assurances that data processing would occur locally. The launch of Windows 10 in 2015 also faced criticism due to telemetry, which is the collection of anonymized data for monitoring software performance. This led to perceptions of surveillance and privacy infringement, prompting Microsoft to implement new privacy controls. By 2017, increased transparency and enhanced privacy features improved user reception. Despite the backlash, telemetry remains a standard practice in software development, and Microsoft has become more aware of privacy concerns, influencing user vigilance regarding data. As Windows 10 approaches its tenth anniversary on July 29, 2025, it highlights the heightened awareness of software privacy among users.

AppWizard

July 26, 2025

Russia launches new messenger app that can spy on citizens

Russia is set to unveil a new device featuring an application called Max, which integrates messaging, video calls, payments, and access to government services. There are concerns about potential state surveillance due to data being stored on Russian servers, which could be accessed by the Federal Security Service (FSB). The possible ban on WhatsApp may drive users to adopt Max as their primary communication tool. Critics argue that Max represents a shift towards increased digital control, potentially compromising personal freedoms by combining communication and government services in one platform.

AppWizard

July 25, 2025

Fake Indian Banking Apps on Android Steal Login Credentials from Users

A recently discovered malicious Android application poses significant risks by masquerading as legitimate banking apps in India. It facilitates credential theft, conducts surveillance, and executes unauthorized financial transactions. The malware operates on a modular architecture with a dropper and primary payload, employing deceptive user interfaces and silent installation techniques to evade detection. The dropper requests extensive permissions, including ACCESSNETWORKSTATE, REQUESTINSTALLPACKAGES, and QUERYALLPACKAGES, to monitor connectivity, install secondary APKs without user awareness, and profile installed apps. It loads a hidden payload and initiates installation using an INSTALL_NOW flag, bypassing app store scrutiny. The main payload requests additional permissions such as READSMS, SENDSMS, and RECEIVESMS for intercepting one-time passwords (OTPs) and two-factor authentication (2FA) codes. It also requests REQUESTIGNOREBATTERYOPTIMIZATIONS, READPHONESTATE, and READPHONENUMBERS for uninterrupted execution, device fingerprinting, and potential call forwarding abuse. Data exfiltration occurs through Firebase Realtime Database, storing user IDs and intercepted SMS metadata. The malware uses Firebase for command-and-control operations and generates phishing pages resembling authentic banking interfaces. Delivery methods include smishing, email phishing, WhatsApp bots, vishing calls, SEO-poisoned websites, malvertising, Trojanized utilities, QR/NFC attacks, preloaded malware on counterfeit devices, and exploitation of accessibility service vulnerabilities. Indicators of compromise include specific SHA256 hashes for the base payload and main payload.