surveillance Archives

AppWizard

April 29, 2026

New Android spyware Morpheus linked to Italian surveillance firm

Morpheus is a new spyware identified by the nonprofit organization Osservatorio Nessuno, which spreads through counterfeit Android applications that appear as legitimate updates. Attackers use SMS messages to direct victims to a fraudulent website mimicking an Internet Service Provider (ISP). The spyware installs a dropper app that deploys a concealed payload, which disguises itself as legitimate system components and manipulates users into granting dangerous permissions, including Accessibility access. Once granted, Morpheus initiates a Permission Workflow that creates a fake update overlay, disabling the touchscreen to prevent user interaction. It ensures persistence by restarting after device reboots and can request device administrator privileges. The spyware exploits overlay windows and Accessibility features to gain control of the device and bypass security measures, including disabling antivirus solutions without requiring root access. Analysis suggests Morpheus has Italian origins, with connections to an Italian firm, IPS Intelligence, known for lawful interception technologies. The spyware is capable of invasive actions such as recording audio and video, linking to WhatsApp, and compromising device security. The report highlights a network of dubious companies and shared contacts linked to the spyware's distribution.

AppWizard

April 27, 2026

Google’s new developer rules are pushing a top privacy period tracker off certified Android devices

The privacy-centric period tracking app, Periodical, will not comply with Google's new developer verification policy requiring app developers to submit government-issued identification. As a result, the developers have decided to withdraw from the official Android ecosystem, raising concerns about user privacy and access to reproductive health tools. Periodical is praised for storing data locally without third-party trackers, which is crucial given the risk of law enforcement accessing digital health data. Users are uncertain about the app's future and are being directed to its GitHub repository for updates, as the new policy will complicate the installation of unverified apps. Users will need to enable Developer Options and navigate complex settings to sideload the app, which may deter many from tracking their menstrual cycles.

AppWizard

April 27, 2026

RIP Signal: Russians kill trust in many EU diplomats’ beloved messaging app

Signal is experiencing a crisis of trust due to security breaches, including successful infiltrations by Russian hackers in Germany and the Netherlands. Senior EU officials have disbanded a Signal group due to hacking fears. Accessing Signal chat content on the dark web can cost between ,000 to ,000, while WhatsApp data is cheaper, ranging from ,000 to ,000. Personal information, such as travel histories, can be bought for 0 to 0, especially for individuals who have traveled to countries known for data leaks. Investigations revealed that Russian diplomats' medical records, banking information, and dating site usernames are available on the black market. Location tracking can be precise when certain applications are downloaded. A Kazakh refugee in Brussels faced high-definition surveillance, and local laws challenge private detectives' effectiveness. State actors have used Israeli spyware like Pegasus to target journalists and adversaries. The prospect of secure communication is diminishing, with online exchanges increasingly seen as vulnerable.

AppWizard

April 24, 2026

Another spyware maker caught distributing fake Android snooping apps

The Italian digital rights organization Osservatorio Nessuno has revealed a new malware called Morpheus, used by government agencies for surveillance. Morpheus is disguised as a phone updating application and can extract various data from targets' devices. The spyware is linked to IPS, an Italian firm specializing in lawful interception technologies, which claims to operate in over 20 countries. Morpheus is categorized as "low cost" due to its straightforward infection method, which involves tricking targets into installing the software. Authorities collaborated with the target's mobile service provider to obstruct data and send an SMS prompting the installation of the malware. Once installed, Morpheus exploits Android's accessibility features to access extensive information and masquerades as the WhatsApp application to solicit biometric data. The spyware's code contains Italian phrases and references to "Gomorra," indicating its connection to the Italian spyware industry. The attack is likely linked to political activism in Italy. IPS is among several Italian spyware manufacturers that have emerged following the decline of Hacking Team.

AppWizard

April 11, 2026

Security researchers find 213 vulnerabilities in Russia’s state-backed messaging app Max

Security researchers discovered 213 vulnerabilities in Max, Russia's state-backed messaging app, during a bug bounty initiative. This information was shared by Alexei Batyuk, CTO of Positive Technologies, at the Svyaz-2026 exhibition. The bug bounty program has been active since July 1, 2025, resulting in 288 accepted vulnerability reports and total payouts of nearly 22 million rubles. Common vulnerabilities could allow unauthorized access to user data through the manipulation of object identifiers. Max's press service claimed that user data is "reliably protected" and emphasized the importance of independent white-hat hackers in identifying vulnerabilities. Max was launched by VK in March 2025 and is being promoted by Russian authorities amid efforts to block other messaging platforms like Telegram and WhatsApp. The app has faced criticisms regarding user surveillance and security vulnerabilities.

AppWizard

April 10, 2026

Privacy Messenger Session Is Staring Down a 90-Day Countdown to Obscurity

The messaging app Session, which prioritizes user privacy and offers end-to-end encryption without requiring personal information for registration, is facing potential closure and has issued a call for support. The Session Technology Foundation (STF) has received funding to support operations for 90 days but will rely on volunteers after all paid staff have been let go. Development activities have paused due to insufficient funding, affecting the introduction of new features and the resolution of existing bugs. The STF has stated that it needs million to complete ongoing projects and introduce a subscription model to achieve self-sustainability. As of now, 0,000 has been raised towards this goal. Users can contribute at getsession.org/donate.

AppWizard

April 9, 2026

Bitchat Review: How Jack Dorsey’s Private Offline Messenger Works

Bitchat employs the Noise Protocol Framework, specifically the XX pattern, for encrypted and authenticated communication. The Android version uses X25519 for key exchange and AES-256-GCM for message encryption. Bitchat operates without a central infrastructure, phone numbers, or traditional accounts, which reduces data collection and risks of censorship and surveillance. The app relies on Bluetooth connectivity, requiring physical proximity between users, which can enhance security but may lead to device identification. Metadata about nearby devices and connection instances may still be retained. Bitchat has not yet undergone a comprehensive external security audit, raising concerns despite its focus on privacy and encryption.

AppWizard

April 9, 2026

Conspiracy Theories Are Eclipsing the Real Dangers of Russia’s Messaging App Max

Russia's state-run messaging app, Max, allows authorities to monitor personal messages and calls extensively. Many Russians continue to use WhatsApp and Telegram, which are out of government reach. Following a WhatsApp ban, the government is considering restrictions on Telegram. Intelligence agencies have created bots on Telegram that can lead to legal consequences for users. The Max app offers complete surveillance of messages, photos, and calls without such provocations. Despite efforts to make Max appealing through features like age verification and integration with Gosuslugi, users are reluctant to switch from existing platforms. The government has attempted to position Max as the primary communication tool by potentially eliminating competitors, but Telegram's popularity remains a significant barrier. Recent decisions have eased restrictions on Telegram, and officials now emphasize that using Max is "optional." Some users, including officials, prefer to use Max on separate devices for security. Concerns about Max's geolocation capabilities and its access to other applications are often exaggerated, and the app has faced scrutiny regarding surveillance practices. Developers have reduced checks on VPN usage, but public distrust persists. Many users focus on the risks posed by Max while neglecting other security vulnerabilities. Effective risk mitigation requires a rational assessment of threats and increased digital literacy.

AppWizard

April 7, 2026

Telegram to adapt to Russian restrictions, making traffic harder to detect and block, says app founder

Telegram's founder, Pavel Durov, announced that the messaging platform will adapt to increasing restrictions from the Russian government to make its traffic harder to detect and block. Approximately 65 million Russians use Telegram daily via VPNs, with over 50 million actively sending messages despite government efforts to slow down the service. The Russian government has attempted to ban VPNs, impacting the banking sector, and Durov compared the situation to Iran's previous Telegram ban, noting a similar rise in VPN usage. In February, Russia's communications regulator began slowing down Telegram for non-compliance with requests to remove prohibited content. Durov is under investigation for potential criminal charges related to aiding terrorist activities, which he claims are pretexts to limit access to Telegram. The crackdown on foreign communication tools has intensified, with recent restrictions on WhatsApp, and Kremlin spokesperson Dmitry Peskov has urged citizens to use the state-developed messaging app "Max." Telegram remains crucial for communication, especially for military purposes, amid pressure from Roskomnadzor, the Russian agency monitoring mass media.

Winsage

April 6, 2026

ResokerRAT Hijacks Telegram API to Command Infected Windows PCs

A newly discovered Windows malware called ResokerRAT uses Telegram’s Bot API for its command-and-control operations, allowing it to monitor and manipulate infected systems without a conventional server. It obscures its communications by integrating with legitimate Telegram traffic, complicating detection. Upon execution, it creates a mutex to ensure only one instance runs and checks for debuggers to avoid analysis. It attempts to relaunch with elevated privileges and logs failures to its operator. ResokerRAT terminates known monitoring tools and installs a global keyboard hook to obstruct defensive key combinations. It operates through text-based commands sent via Telegram, allowing it to check processes, take screenshots, and modify system settings to evade detection. Persistence is achieved by adding itself to startup and altering UAC settings. The malware retrieves additional payloads from specified URLs and uses URL-encoded data for communication. Researchers have confirmed its Telegram traffic, and its behavior aligns with various MITRE ATT&CK techniques. Security teams are advised to monitor for unusual Telegram traffic and scrutinize registry keys related to startup and UAC.