Morpheus Spyware: New Threat from Italian Surveillance Software

Severity: High (Score: 62.5)

Sources: Techcrunch, osservatorionessuno.org, Benzatine, Mezha

Summary

A new Android spyware named Morpheus has been identified, linked to the Italian company IPS Intelligence. This spyware masquerades as a phone update app and exploits Android's accessibility features to gain control over devices. Victims are tricked into installing the malware through social engineering tactics, such as receiving SMS messages from their mobile provider that claim to restore service. Once installed, Morpheus can steal sensitive data, access WhatsApp accounts, and perform various invasive actions. The spyware's distribution method reflects a growing trend among law enforcement agencies to use low-cost surveillance tools. The report by Osservatorio Nessuno highlights the increasing demand for such spyware, which operates largely out of public view. The malware's infrastructure suggests its Italian origins, with cultural references found in its code. IPS has not responded to inquiries regarding the allegations.

Key Points:

  • Morpheus spyware is linked to IPS Intelligence and masquerades as a phone update app.
  • Victims are tricked into installing the spyware through SMS messages from their mobile providers.
  • The spyware exploits Android's accessibility features to access sensitive information and control devices.

Key Entities

  • Malware (attack_type)
  • WhatsApp (platform)
  • Android (platform)
  • Italy (country)
  • Ukraine (country)
  • assistenza-sim.it (domain)
  • gmail.com (domain)
  • host.org (domain)
  • libaprafocofb.so (domain)
  • studiocarnevale.net (domain)
  • Government (industry)
  • 109.239.245.172 (ipv4)
  • 195.120.31.91 (ipv4)
  • 2.116.18.124 (ipv4)
  • 212.210.1.211 (ipv4)
  • 217.56.196.66 (ipv4)
  • Morpheus (malware)
  • T1056 - Input Capture (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • T1113 - Screen Capture (mitre_attack)
  • T1547 - Boot Or Logon Autostart Execution (mitre_attack)