Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
Update: check the latest version of Comodo’s free mobile security app
Your smartphone is your best friend and assistant. But within a few minutes, it can turn into an insidious betrayer. Then it begins tracking every move you make, catching every word you say or write – and pass this information to your adversaries. Your messages, pictures, projects, business, and private talks and all other secrets get into the hands of … actually, anybody who sees you as a target. Cybercriminals, bandits, competitors, jealous spouses or intelligent agencies – this list can be endless.
How Your Smartphone Is Made To Spy On You?
By using special spying programs that can be installed on your smartphone within a few minutes your smartphone is made to spy on you. This programs are openly sold via the Internet and positioned as software for “good purposes”: for parents to monitor their children activities, businessmen to track what their employees do, spouses to catch a cheating partner… Of course, in most countries, such activity is considered illegal itself. But despite that, such programs can be widely used for even more obvious crimes: stealing information from business competitors or preparing to hit a victim by criminals.
Comodo Threat Research Labs analysts deeply explored some of the most popular spying programs, so you’ll be able to see with your own eyes how exactly the mobile spyware works and what it does after penetrating your smartphone.
SpyHide
This spyware, monitors and records many processes on the victim’s smartphone: calls made and received, real-time GPS location of the phone, SMS etc. It has access to the entire contacts list and photos stored on the phone. It’s completely hidden from the smartphone owner. To get the stolen information, the attacker needs to connect and login to the spyware server.
If you wish to look under the hood, here you are. The list below demonstrates the harm SpyHide can do to you. All strings clearly speak for themselves.
SpyHide records and maintains events from the following list:
EVENT_AMBIENT_RECORD_LOG = "event_ambient_record_active"; EVENT_CALL_LOG = "event_call_log"; EVENT_CONTACT_LOG = "event_contact_log"; EVENT_CORE_APP = "event_core_app"; EVENT_GPS_LOG = "event_gps_log"; EVENT_HAS_CONNECTED = "event_has_connected"; EVENT_PHOTO_LOG = "event_photo_log"; EVENT_SMS_INCOMING_LOG = "event_sms_log"; EVENT_SMS_OUTGOING_LOG = "event_sms_outgoing_log"; EVENT_SYNC_AND_FLUSH = "event_sync_and_flush"; SpyHide sends stolen information to the following remote servers: DEFAULT_DATA_SERVER = "flushdataxx.vixxis.net/client"; DEFAULT_DATA_SERVER_NO_PROXY = "flushdataxx.hexxspy.com"; String DEFAULT_WEBSITE = "www.vixxis.net/client"; SpyHide extracts your data about calls, SMS, email, WhatsApp’s history, websites you visited as well as you contact database and your locations; PATH_BACKUP_FILE_CALL = "/call/"; PATH_BACKUP_FILE_CONTACT = "/contact/"; PATH_BACKUP_FILE_GPS = "/gps/"; PATH_BACKUP_FILE_SMS = "/sms/"; PATH_BACKUP_FILE_URL = "/url/"; PATH_BACKUP_FILE_WHATSAPP = "/whatsapp/"; PATH_BACKUP_MY_A_APP = CoreApp.getContext().getFilesDir().getParentFile().getPath() + "/BackupEmail/"; It sends all backups to remote server and can download files from there: URL_APP = "/LogApp"; URL_CALL = "/LogCall"; URL_CALL_EX = "/LogListCall"; URL_CHECK_DEVICE_REGISTERED = "/CheckDeviceExist"; URL_CHECK_LOGIN = "/CheckAccount"; URL_CONTACT = "/LogContact"; URL_CONTACT_EX = "/LogListContact"; URL_DOWNLOAD_AMBIENT = "http://virsis.net/client/downloads/"; URL_EMAIL = "/LogEmail"; URL_GETSETTING = "/GetSetting"; URL_GPS = "/LogGps"; URL_GPS_EX = "/LogListGps"; URL_LOG_DATA = "/LogDataEx"; URL_PHOTO = "/UploadPhoto"; URL_PROTOCOL = "/DataService.svc"; URL_RECORD_CALL = "/UploadRecordCall"; URL_REGISTER_DEVICE = "/Create"; URL_SEND_DEVICE_TOKEN = "/SendDeviceToken"; URL_SEND_GCM_REG_ID = "/RegGcm"; URL_SEND_PHONE_INFO = "/UpdatePhoneInfo"; URL_SMS = "/LogSms"; URL_SMS_EX = "/LogListSms"; URL_SYNC = "/DataService.svc"; URL_SYNCSETTING = "/SyncSetting"; URL_SYNC_NOW = "/GetSettingNow"; URL_URL = "/LogUrl"; URL_URL_EX = "/LogListUrl"; rtmpUrl = "rtmp://virsis.net/client:1xx5/live";
HelloSpy:
HelloSpy positions itself as “a best cell phone tracking and monitoring software for iPhone and Android Phone. Once installed on the target phone you will be able to monitor and record all calls made and received, real-time GPS location of the phone, track and record text messages (SMS), have access to the entire contacts list and photos stored on the phone and much more. FREE mobile spyware application satisfies all needs for spying, hacking and backing up the data for any smartphones”. (The descriptive quotes here and below are taken from the websites of the spyware)
And here is what HelloSpy can do with your phone:
Intercept and maintain your calls, SMS, every photo you made etc.
EVENT_AMBIENT_RECORD_LOG = “event_ambient_record_active”;
EVENT_CALL_LOG = “event_call_log”;
EVENT_CONTACT_LOG = “event_contact_log”;
EVENT_CORE_APP = “event_core_app”;
EVENT_GPS_LOG = “event_gps_log”;
EVENT_HAS_CONNECTED = “event_has_connected”;
EVENT_PHOTO_LOG = “event_photo_log”;
EVENT_SMS_INCOMING_LOG = “event_sms_log”;
EVENT_SMS_OUTGOING_LOG = “event_sms_outgoing_log”;
EVENT_SYNC_AND_FLUSH = “event_sync_and_flush”.
Communicate with remote servers:
DEFAULT_DATA_SERVER = “flushdatxx.hellospy.com”;
DEFAULT_DATA_SERVER_NO_PROXY = “flushdatxx.hellospy.com”;
DEFAULT_WEBSITE = www.hellospy.com.
It gets and maintains sensitive data like calls, contacts, location, messages, and websites you visited:
PATH_BACKUP_FILE_CALL = “/call/”;
PATH_BACKUP_FILE_CONTACT = “/contact/”;
PATH_BACKUP_FILE_GPS = “/gps/”;
PATH_BACKUP_FILE_SMS = “/sms/”;
PATH_BACKUP_FILE_URL = “/url/”;
PATH_BACKUP_FILE_WHATSAPP = “/whatsapp/”;
PATH_BACKUP_MY_A_APP = CoreApp.getContext().getFilesDir().getParentFile().getPath() + “/BackupEmail/”;
4. It sends the collected backups to a remote server and makes downloads from there:
URL_APP = “/LogApp”;
URL_CALL = “/LogCall”;
URL_CALL_EX = “/LogListCall”;
URL_CHECK_DEVICE_REGISTERED = “/CheckDeviceExist”;
URL_CHECK_LOGIN = “/CheckAccount”;
URL_CONTACT = “/LogContact”;
URL_CONTACT_EX = “/LogListContact”;
URL_DOWNLOAD_AMBIENT = ” http://hellospyxx.com/downloads/”;
URL_EMAIL = “/LogEmail”;
URL_GETSETTING = “/GetSetting”;
URL_GPS = “/LogGps”;
URL_GPS_EX = “/LogListGps”;
URL_LOG_DATA = “/LogDataEx”;
URL_PHOTO = “/UploadPhoto”;
URL_PROTOCOL = “/DataService.svc”;
URL_RECORD_CALL = “/UploadRecordCall”;
URL_REGISTER_DEVICE = “/Create”;
URL_SEND_DEVICE_TOKEN = “/SendDeviceToken”;
URL_SEND_GCM_REG_ID = “/RegGcm”;
URL_SEND_PHONE_INFO = “/UpdatePhoneInfo”;
URL_SMS = “/LogSms”;
URL_SMS_EX = “/LogListSms”;
URL_SYNC = “/DataService.svc”;
URL_SYNCSETTING = “/SyncSetting”;
URL_SYNC_NOW = “/GetSettingNow”;
URL_URL = “/LogUrl”;
URL_URL_EX = “/LogListUrl”;
rtmpUrl = rtsp://hellospyxx.com:1xx5/live”;
Also, it’s able to stream video and audio.
MobiiSpy:
This spyware monitors “user activities in the background of the target phone including tracker mobile GPS location, call logs, spy calls, spy on text messages, monitor web history, pictures, spy on WhatsApp messages, Facebook messages, Viber messages and more”.
It can record and maintain events from the following list:
EVENT_SYNC_AND_FLUSH = “event_sync_and_flush”;
It communicates with remote servers:
DEFAULT_DATA_SERVER = “”http://webccservicesxx.mobiispy.com”;”;
DEFAULT_DATA_SERVER_NO_PROXY = “http://webccservicesxx.mobiispy.com”;
DEFAULT_WEBSITE = “www.hellospy.com”;
It extracts and maintain sensitive data from a victim mobile:
It sends all backups to remote server and can make downloads from there:
URL_DOWNLOAD_AMBIENT = “http://hellospwwy.com/downloads/”;
rtmpUrl = rtsp://hellospy.com:1xx5/live”;
It’s also able to stream video and audio.
1TopSpy
1TopSpy “works by tracking and monitoring all activity in the background of the target phone including track GPS location, spy on text messages, web history, images, calls logs and spy call recording, spy on Whatsapp, Viber, Facebook messages, Snapchat, Line, BBM messages and much more”.
1Top communicates with remote servers:
DEFAULT_DATA_SERVER = “”http://flushdatxx.1topssspy.com”;”;
DEFAULT_DATA_SERVER_NO_PROXY = “http://flushdatxx.1topssspy.com”;
1TopSpy extracts information about calls, SMS, contacts, database, emails, visited websites:
It sends all backups to the remote server and can download files from there:
Here is the consolidated table of the analyzed malware. The arrows point to common features of the spyware types.
Some interesting nuances usually stay unnoticed but definitely worth mentioning. First, the spyware may not only upload a victim’s file on the server but download files on the victim’s device as well. It can be used to compromise a victim by downloading incriminating data like child pornography, secret documents information etc. to frame a person. Second, all stolen data are sent to the server, so not only the attacker but also the software and server owners can get access to the data. As well as anyone who will be able to hack the server. Third, as the spyware is able to turn on the microphone and, it allows wiretapping not only the device owner but also everyone in the vicinity.
As you can see, mobile spying is a high-level multiple dangerous threat.
How can you prevent it?
The internet is overwhelmed with different advice on how to detect spyware on your smartphone. But in reality, many of them are useless or implementable. The only guaranteed way to locate spyware is deep exploring of the mobile device by a security specialist. So, if you’re not the one, you hardly can detect the spyware. Antivirus solutions also often fail to detect it.
That’s bad news.
But the good news is that you can prevent infecting your smartphone in 4 easy steps:
1. Always lock your device with a strong password or six-digit PIN and never tell it, anyone. So even if your smartphone will get into the hands of attackers, they won’t be able to install spyware into it. Surprisingly, but about 95% of users don’t lock their mobile devices at all!
2. Never use a jailbroken iPhone or rooted Android device.
3. Never click on unknown links in emails, SMS or messengers
4. Download applications only from the Apple Store or Google Play.
Live secure with Comodo!
Cyber SecurityCyber Security SolutionsWikipedia Hacked by DDoS AttackAntivirus for iPhoneWebsite BackupWebsite StatusWebsite CheckerWebsite Safety Check
Tags: COMODO LABS,Cybercriminals,mobile spying,smartphone,spy
Reading Time: 7 minutes Cybercriminals fond of celebration dates like Thanksgiving Day — but not for the same reason that upstanding people do. For the perpetrators, it’s the favorite time to attack. Why? Because people are tuned on pleasant and good thoughts and feelings on such days. Unfortunately, it makes them more vulnerable. When they see a greeting letter…
Reading Time: 7 minutes If the headline above frightened or at least alarmed you, that means you really can fall prey of this cybercrime. Because it is a bit different from others. While the perpetrators usually aim at a vulnerability of your PC, this attack targets vulnerabilities of your mind. Throughout the crooks use no malware, it lets them…
Reading Time: 7 minutes Cryptomining has become a gold rush of nowadays, and cybercriminals are also seized by it. They invent more and more cunning gimmicks to infect users’ machines and make them mine cryptocurrency for the attackers’ profit. The cybercrime recently detected by Comodo specialists is a striking illustration of this process. To infect users all over the…
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
agreecheck
See how your organization scores against cybersecurity threats
Advanced Endpoint Protection, Endpoint Detection and Response Built On Zero Trust Architecture available on our SaaS EPP