Amnesty International has linked Indian cybersecurity firm Innefu Labs to an Android spyware program used to target prominent activists, including a confirmed case of espionage against a Togolese activist after the company’s IP address was used to spread the spyware payload.
There are indications that the actual deployment may be the work of the ‘Donot Team’ (APT-C-35), a collection of Indian hackers targeting governments in Southeast Asia after Amnesty’s investigators found many similarities with “Kashmir_Voice_v4.8.apk” and “SafeShareV67.apk” two malicious programs associated with previous operations of the Donot Team.
Since this is the first time that the Donot team has targeted facilities in African countries, there is evidence that the group is offering ‘hacker for hire’ services to governments.
While Innefu Labs denied any involvement in the Donot team and the targeted attacks on activists, Amnesty made it clear that it is possible that Innefu does not know how its customers or other parties use its tools.
For more information, read the original story in Bleeping Computer.