Advanced Israeli malware: no interaction, no trace

Israeli spyware was used to hack the phones of dozens of Al Jazeera staff. (Osama Bhutta / Flickr)

There is advanced Israeli malware that can hack into your device without requiring you to interact with it or leaving a visible trace.

In earlier versions, the malware produced by Israeli spy firm NSO Group required a target to click a link or open a document.

In more recent versions, the targeted person may still receive a message or phone call containing the malware, but their device can be infected without them having to click on anything.

None of that is required any longer.

The phones of dozens of media personnel have been infected with the advanced spyware, the Canadian cybersecurity organization Citizen Lab has revealed.

Suspected government agents used malware produced by NSO Group to hack into the phones of 36 journalists, producers, anchors and executives at Al Jazeera, and the phone of a journalist at the London-based Al Araby between July and August.

Citizen Lab named Palestinian investigative journalist Tamer Almisshal and Moscow correspondent Ranya Dridi as two of the Al Jazeera journalists whose phones were breached.

Dridi’s phone was hacked at least six times within nine months, according to Citizen Lab.

Citizen Lab concludes with “medium confidence” that the United Arab Emirates was behind hacking 15 of the phones, while Saudi Arabia was behind another 18 intrusions. Four other phones were breached by two other operators.

One of the phones targeted by the operator linked with the UAE used the same internet domain name that was used to hack Emirati human rights advocate Ahmed Mansoor with NSO Group software in 2016.

The UAE has also previously used NSO Group malware in attempts to spy on Qatar’s Emir Tamim bin Hamad Al Thani, Lebanese Prime Minister Saad Hariri and a Saudi prince, The New York Times reported in 2018.

No interaction, no trace

Earlier versions of NSO Group’s Pegasus software required the targeted person to interact with the malware by clicking on a link or opening a document sent by those doing the spying.

That would then allow for the installation of sophisticated malware on the device that can go undetected and send the user’s personal…