Morpheus Spyware: New Threat Linked to IPS Intelligence Uncovered
Severity: High (Score: 64.5)
Sources: Techcrunch, Mezha, osservatorionessuno.org
Summary
A new Android spyware named 'Morpheus' has been identified and linked to IPS Intelligence, an Italian company known for lawful interception technology. The spyware masquerades as a phone update app and exploits Android's accessibility features to steal sensitive data from targets. Infection relies on social engineering: after the victim's mobile data is blocked, they receive an SMS prompting them to install the malicious app. Once installed, Morpheus can record audio, take screenshots, and access WhatsApp accounts by tricking users into providing biometric data. These capabilities raise concerns about its potential use against activists and journalists. The report by Osservatorio Nessuno highlights the growing demand for such low-cost spyware among law enforcement agencies. The spyware is designed to operate stealthily, leveraging permissions that are typically restricted in newer Android versions. Investigations are ongoing, and IPS Intelligence has not responded to inquiries about the report.
Key Points
- Morpheus spyware exploits Android's accessibility features to steal data.
- The infection method involves social engineering through SMS prompts.
- The spyware is linked to IPS Intelligence, a company providing lawful interception tools.
Key Entities
- Malware (attack_type)
- Italy (country)
- Ukraine (country)
- assistenza-sim.it (domain)
- gmail.com (domain)
- host.org (domain)
- libaprafocofb.so (domain)
- studiocarnevale.net (domain)
- Government (industry)
- 109.239.245.172 (ipv4)
- 195.120.31.91 (ipv4)
- 2.116.18.124 (ipv4)
- 212.210.1.211 (ipv4)
- 217.56.196.66 (ipv4)
- Morpheus (malware)
- T1056 - Input Capture (mitre_attack)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1071 - Application Layer Protocol (mitre_attack)
- T1113 - Screen Capture (mitre_attack)
- T1547 - Boot Or Logon Autostart Execution (mitre_attack)
- Android (platform)
- WhatsApp (platform)