Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent.
It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft. FortiGuard Labs recently detected an attack exploiting the CVE-2021-40444 vulnerability in Microsoft Office. This flaw allows attackers to execute malicious code via specially crafted documents. In this instance, the exploitation led to the deployment of a spyware payload known as “MerkSpy.” MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems.
Read more…
Source: Fortinet
Related:
- ClayRat Android malware spoofs WhatsApp, TikTok and more
October 10, 2025
A new Android malware variant is posing as popular apps, stealing sensitive files and propagating further. Experts from Zimperium revealed ClayRat, targeting primarily Russian users by spoofing popular Android apps such as WhatsApp, TikTok, Google Photos, or YouTube, distributed mostly through Telegram channels and standalone phishing sites. Through typosquatting, the phishing sites trick victims into thinking ...
- Threat landscape for industrial automation systems in Q2 2025
September 19, 2025
In Q2 2025, the percentage of ICS computers on which malicious objects were blocked decreased by 1.4 pp from the previous quarter to 20.5%. Compared to Q2 2024, the rate decreased by 3.0 pp. Regionally, the percentage of ICS computers on which malicious objects were blocked ranged from 11.2% in Northern Europe to 27.8% in Africa. ...
- Apple’s latest iPhone security feature just made life more difficult for spyware makers
September 11, 2025
Buried in an ocean of flashy novelties announced by Apple this week, the tech giant also revealed new security technology for its latest iPhone 17 and iPhone Air devices. This new security technology was made specifically to fight against surveillance vendors and the types of vulnerabilities they rely on the most, according to Apple. The feature ...
- ICE reactivates contract with spyware maker Paragon
September 2, 2025
U.S. Immigration and Customs Enforcement (ICE) signed a contract last year with Israeli spyware maker Paragon worth $2 million . Shortly after, the Biden administration put the contract under review, issuing a “stop work order,” to determine whether the contract complied with an executive order on commercial spyware, which restricts U.S. government agencies from using spyware ...
- WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware
August 29, 2025
WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of “specific targeted users.” The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate ...
- A new security flaw in TheTruthSpy phone spyware is putting victims at risk
August 25, 2025
A stalkerware maker with a history of multiple data leaks and breaches now has a critical security vulnerability that allows anyone to take over any user account and steal their victim’s sensitive personal data, TechCrunch has confirmed. Independent security researcher Swarang Wade found the vulnerability, which allows anyone to reset the password of any user of ...