
Spies used Android malware to try collecting intelligence from a Togolese activist, Amnesty says

The group behind the attack may have ties to an Indian surveillance firm.
Protest ahead of Togo election. (Photo by PIUS UTOMI EKPEI/AFP via Getty Images)

A threat group known for using Android-based malware to target victims in Southeast Asia has been detected in Africa for the first time, according to Amnesty International research released Wednesday.

Attackers tried to trick a Togolese activist into installing Android spyware via a series of WhatsApp messages and emails. The spyware would have given attackers access to a wealth of information, including files stored on the device and WhatsApp messages, as well as the phone’s camera and microphone.

Spies targeted the human rights advocate, whom Amnesty refused to name as a security precaution, between December 2019 and January 2020 during the lead-up to the country’s presidential election. Human rights experts and opposition leaders accused incumbent president Faure Gnassingbé of using police force to silence and brutalize protestors, disrupting election results.

Groups including Amnesty International and the United Nations have called for a moratorium on the sale of surveillance technology, including facial recognition technology, until countries agree on a human rights framework and the impact of the technology is more thoroughly understood.

While the Android spyware used was custom-built, Amnesty said it found “technical evidence” that connected the campaign to infrastructure built by Innefu Labs, an Indian digital security and surveillance company that works with the Indian government and other clients. Amnesty found no evidence of direct involvement from Innefu Labs and says that multiple actors may have had access to the same custom spyware and shared infrastructure. Researchers did not provide more details about the technical evidence by press time.

In a written statement to Amnesty International, Innefu Labs denied any connections with the group and said it was unaware of the use of its IP addresses for attacks. Innefu Labs did not respond to a request for comment from CyberScoop.

Researchers at CrowdStrike previously tied the group, which is most heavily active in India and Pakistan, to Appin Security Group. Appin Security Group and Innefu Labs share a co-founder.

Amnesty and other groups have in the past tied surveillance of Togolese activists to spyware from Israel-based NSO Group. The new research shows that the growth in the surveillance market is making it even easier for states and other actors to spy on activists and other perceived threats.

“Across the world, cyber-mercenaries are unscrupulously cashing in on the unlawful surveillance of human rights defenders,” said Danna Ingleton, deputy director of Amnesty Tech. “Anyone can be a target — attackers living hundreds of miles away can hack your phone or computer, watch where you go and who you talk to, and sell your private information to repressive governments and criminals.”

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.
