According to Haaretz investigation, Insanet, an Israeli software company, has purportedly created a for-profit surveillance software named Sherlock. This software is alleged to have the capability to infiltrate devices through internet advertisements, enabling it to covertly monitor individuals and gather information on behalf of the company’s customers.
Sherlock is capable of drilling its way into Microsoft Windows, Google Android, and Apple iOS devices. It has been marketed as a military product but has also been sold to non-democratic countries.
Sherlock seems designed to use legal data collection and digital advertising technologies to target people for government-level espionage. Other spyware, such as NSO Group’s Pegasus or Cytrox’s Predator and Alien, tends to be more precisely targeted.
According to Qualys threat research manager Mayuresh Dani, Sherlock can be compared to malvertising where a malicious advertisement is blanket-pushed to unsuspecting users. However, in this case, it seems that this is a two-staged attack wherein users are first profiled using advertising intelligence (AdInt) and then they are served malicious payloads via advertisements.
Insanet also reportedly teamed up with Candiru, an Israel-based spyware maker that has been sanctioned in the U.S., to offer Sherlock along with Candiru’s spyware. An infection of Sherlock will apparently set a client back six million euros.
The Electronic Frontier Foundation’s Director of Activism Jason Kelley said Insanet’s use of advertising technology to infect devices and spy on clients’ targets makes it especially worrisome. He noted that dodgy online ads can be used to go after specific groups of people, such as those who are interested in open source code or who frequently travel to Asia.
The sources for this piece include an article in TheRegister.