Spyware risks are rising fast, and you should definitely be worried — even Google says so

News
By published

Google tracks at least 40 companies building commercial spyware

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)

Companies developing spyware and offering spying services to government agencies and threat actors around the world are growing in number, and to make matters worse, for all of them - business is good. 

This is according to a new report from Google, which highlights the growing concern of commercially developed spyware.

Now, according to Google’s latest Buying Spying report, it tracks around 40 Commercial Surveillance Vendors (CSV). Some are more popular than others, but all play an important role in developing spyware, it said. One of their bigger roles is discovering zero-day vulnerabilities. In fact, Google claims CSVs are behind half of known zero-day exploits targeting Google products and the Android ecosystem.

Buying spying

Commercial spyware companies have hit the headlines in recent weeks due largely to the exploits of NSO Group. This Israeli-based start-up developed a tool called Pegasus, and claimed it was designed to help governments around the world defend against terrorist attacks and similar threats. Instead, Pegasus was found used on government officials in the UK and the EU, and many cybersecurity researchers and privacy advocates were warning of Pegasus being used against government opponents, journalists, intellectuals, or dissidents. This prompted the US, for example, to blacklist NSO Group.

Furthermore, the demand for “turnkey espionage solutions” is on the rise. CSVs offer pay-to-play bundles that not only abuse zero-days to work around cybersecurity solutions and antivirus programs, but also spyware, and the infrastructure necessary to harvest and exfiltrate sensitive information from the targets. 

Among CSVs are those working on discovering vulnerabilities, those working on selling exploits, those building spyware solutions, and finally - government customers who purchase these bundles and propel this industry forward. 

“CSVs have proliferated hacking and spyware capabilities that weaken the safety of the internet for all. This is why we discover and patch vulnerabilities used by CSVs, share intelligence strategies and fixes with industry peers and publicly release information about the operations we disrupt,” Google’s researchers concluded. 

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Spyware
Government-linked Italian spyware maker caught distributing malicious Android apps
In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
Flags of Iran, China, Russia and North Korea on a wall. China North Korea Iran Russia alliance
Cybercrime is helping fund rogue nations across the world - and it's only going to get worse, Google warns
Giant eye watching at man working at the computer. Surveillance, hacking, internet security concept. Flat vector illustration.
Israeli spyware company confirms US government and friends are customers
Kaspersky Report on Stalkerware
Security flaw in popular stalkerware apps is exposing phone data of millions
Stalkerware
New spyware found to be snooping on thousands of Android and iOS users
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Latest in News
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
A close up of The Daily podcast from Pocket Casts' web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
Forget AI – WhatsApp is planning a simple messages feature that could be its most useful upgrade in years
NordicTrack Ultra 1
The new NordicTrack Ultra 1 treadmill looks like it was designed by an architect and costs $15,000
An Nvidia GeForce RTX 5070
Nvidia RTX 5080 stock is so barren that retailers are holding competitions where you can "win" the right to buy one for MSRP
More about security
An American flag flying outside the US Capitol building against a blue sky

The FCC is creating a security council to bolster US defenses against cyberattacks
Ransomware

Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Cristin Milioti in Black Mirror season 7

Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
See more latest
Most Popular
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
The Toyota FT-Me Concept sitting in a car park
Toyota's self-charging concept EV could help you tackle the daily commute on solar power alone
A close up of The Daily podcast from Pocket Casts' web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Global Special Forces server
AI server designed for Chinese military use wins major global design award in Europe
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
Forget AI – WhatsApp is planning a simple messages feature that could be its most useful upgrade in years
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
An Nvidia GeForce RTX 5070
Nvidia RTX 5080 stock is so barren that retailers are holding competitions where you can "win" the right to buy one for MSRP