We’ve all heard the cautionary tales about opening mysterious emails and clicking on dangerous links, but the latest threat takes a sneakier approach. Imagine this: you’re casually scrolling through your favourite social media platform, reading comments on your posts, and, unbeknownst to you, a perilous trap awaits. A seemingly harmless link, just a single click away, could be the gateway to a digital nightmare. It’s not just your device at risk; your personal data and secrets could be exposed to relentless hackers.
Amnesty International’s Security Lab recently revealed the shocking tactics employed by hackers on platforms like X and Meta. They’re embedding malicious links within comment sections, and these links, with a single click, can compromise your device. This report serves as a wake-up call, shedding light on a troubling trend: cyber-surveillance companies targeting journalists, policymakers, and academic researchers through social media platforms. What’s even more concerning is how these companies operate—quietly distributing one-click spyware links within comments, like digital ninjas.
The story takes a gripping turn when we uncover an enigmatic Twitter account, ‘@Joseph_Gordon16’, actively sharing these treacherous links in responses to tweets. What sets these links apart is their clever use of deceptive custom URLs, making them look like legitimate news websites.
For instance, on April 14, 2023, the ‘@Joseph_Gordon16’ account tweeted an attack link at Tsai Ing-Wen, the President of Taiwan, and it didn’t stop there. The United States Senator for North Dakota, John Hoeven, was also drawn into the web, as the reply tweet and attack link indirectly reached his X account. Crafty, right?
One of these links, caavn[.]org, was set up with a crafty twist. It diverted link preview requests to the actual South China Morning Post website, making it appear entirely legitimate. This is a common strategy used by cyber attackers to sneak spyware onto your device.
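A defensive check for the preview-diversion behaviour described above, as an added example that is not part of the original article or of Amnesty's report: it compares where a link sends a link-preview fetch with where it sends an ordinary browser fetch, and flags links whose preview is served from a different site. The observation records, the `.example` hostnames and the function names are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urljoin, urlsplit

# Constructed observations: (client kind, requested URL, HTTP status, Location header).
# Assumption: each link was fetched once by a preview-style client and once by a browser.
OBSERVATIONS = [
    ("preview", "https://news-link.example/a/1", 302, "https://www.real-news.example/story/1"),
    ("browser", "https://news-link.example/a/1", 200, None),
    ("preview", "https://blog.example/post", 200, None),
    ("browser", "https://blog.example/post", 200, None),
    ("preview", "https://short.example/x", 301, "https://cdn.example/x"),
    ("browser", "https://short.example/x", 301, "https://cdn.example/x"),
]

REDIRECTS = {301, 302, 303, 307, 308}


def landing_host(url, status, location):
    """Return the host this response leaves the client on (one hop only)."""
    if status in REDIRECTS and location:
        # Location may be relative, so resolve it against the requested URL.
        return urlsplit(urljoin(url, location)).hostname
    return urlsplit(url).hostname


def find_preview_cloaking(observations):
    """Flag links that send preview fetches off-domain but treat browsers differently."""
    by_url = defaultdict(dict)
    for kind, url, status, location in observations:
        by_url[url].setdefault(kind, set()).add(landing_host(url, status, location))

    findings = []
    for url, seen in by_url.items():
        preview, browser = seen.get("preview"), seen.get("browser")
        if not preview or not browser:
            continue  # both views are needed for a comparison
        off_domain = preview - {urlsplit(url).hostname}
        # A redirect served identically to everyone (e.g. a shortener) is not flagged.
        if off_domain and preview != browser:
            findings.append({
                "url": url,
                "preview_shows": sorted(off_domain),
                "browser_gets": sorted(browser),
            })
    return findings


if __name__ == "__main__":
    for finding in find_preview_cloaking(OBSERVATIONS):
        print(finding)
```

A flagged link means the preview card a platform renders cannot be trusted as evidence of where the link leads.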
Now, brace yourself for the plot thickening: another Facebook account, ‘Anh Tran,’ joined in, sharing links that included the same caavn[.]org domain. This parallel use of custom domain names by both accounts points to a possible connection between these two profiles and a single operator with sinister intentions.
To add to the intrigue, Google’s Threat Analysis Group jumped into the action, confirming that the domains and URLs shared by ‘@Joseph_Gordon16’ are linked to Intellexa’s Predator spyware system. This is no child’s play – it’s a highly invasive tool capable of granting full access to your device without leaving a trace behind. It’s like a ghost in your digital machine.
Intellexa may present itself as an EU-based, regulated company serving law enforcement, but its alliance includes names like Nexa Technologies, Advanced Middle East Systems, WiSpear, Cytrox, and Senpai Technologies. They span multiple countries, and this global reach is nothing short of an espionage thriller.
Over the past decade, a concerning global pattern has emerged: governments using spyware tools from private cyber-surveillance firms to unlawfully target activists, journalists, and officials through social media. Vigilance, cybersecurity, and international cooperation are essential to protect digital rights and privacy. Your online safety is at stake, and the game is more sinister than ever. Stay alert!

