Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Spyware risks are rising fast, and you should definitely be worried — even Google says so

Data Breach.

Companies developing spyware and offering spying services to government agencies and threat actors around the world are growing in number, and to make matters worse, for all of them - business is good. 

This is according to a new report from Google, which highlights the growing concern of commercially developed spyware.

Now, according to Google’s latest Buying Spying report, it tracks around 40 Commercial Surveillance Vendors (CSV). Some are more popular than others, but all play an important role in developing spyware, it said. One of their bigger roles is discovering zero-day vulnerabilities. In fact, Google claims CSVs are behind half of known zero-day exploits targeting Google products and the Android ecosystem.

Buying spying

Commercial spyware companies have hit the headlines in recent weeks due largely to the exploits of NSO Group. This Israeli-based start-up developed a tool called Pegasus, and claimed it was designed to help governments around the world defend against terrorist attacks and similar threats. Instead, Pegasus was found used on government officials in the UK and the EU, and many cybersecurity researchers and privacy advocates were warning of Pegasus being used against government opponents, journalists, intellectuals, or dissidents. This prompted the US, for example, to blacklist NSO Group.

Furthermore, the demand for “turnkey espionage solutions” is on the rise. CSVs offer pay-to-play bundles that not only abuse zero-days to work around cybersecurity solutions and antivirus programs, but also spyware, and the infrastructure necessary to harvest and exfiltrate sensitive information from the targets. 

Among CSVs are those working on discovering vulnerabilities, those working on selling exploits, those building spyware solutions, and finally - government customers who purchase these bundles and propel this industry forward. 

“CSVs have proliferated hacking and spyware capabilities that weaken the safety of the internet for all. This is why we discover and patch vulnerabilities used by CSVs, share intelligence strategies and fixes with industry peers and publicly release information about the operations we disrupt,” Google’s researchers concluded. 

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.