Flush with EU funds, a shadowy Spain-based cyberintelligence firm has reportedly created invasive surveillance tech that enables clients to take “remote and invisible control” of net-connected devices while evading detection.
The “anonymous interception” products, branded as ‘Invisible Man’ and ‘Night Crawler’, can remotely access files on a target’s device, discern their location, and even discreetly switch on cameras and microphones, according to WIRED magazine.
The developer, Mollitiam Industries, is also reportedly hyping up a tool that allows for the “mass surveillance of digital profiles and identities” across social media and even the dark web – which sounds strikingly similar to its work on a data-harvesting project funded in part by the EU’s Regional Development Fund.
That project is aimed at developing an automated intelligence-generation platform that analyzes and correlates large amounts of data “from open internet sources.” It is reportedly worth €650,000 ($788,027) and is slated to end in September.
However, that is only one of several EU-funded projects that have filled the company’s coffers, according to official documents accessed by WIRED. Although there is no full public listing of clients, a 2019 article from trade publication Intelligence Online noted that it works with Spain’s intelligence agency and cyberspace command unit.
“The fact that they received EU public money to develop their business is shocking. Mollitiam market capabilities that pose such a unique threat to our privacy and security that it’s highly debatable if such powers could ever be compatible with international human rights law,” Edin Omanovic, advocacy director at privacy watchdog Privacy International, told WIRED.
Accessing unprotected online marketing materials, the report noted that Mollitiam’s “invisible low-stealth technology” and “low data and battery consumption” features allows its tools to operate without arousing suspicion.
Another feature is a keylogger that comes built-in with the spyware – allowing for the tracking and recording of every keystroke a target makes on an infected device, including passwords, web search activity and even texts exchanged on encrypted messaging apps.
During a recent webinar, Mollitiam showcased its tech’s ability to record WhatsApp calls and divulged details of social engineering and phishing tactics used “to gain the target’s trust.”
The report comes at a time when privacy concerns are being raised about efforts by law enforcement and intelligence agencies to gain access to personal data by circumventing encrypted messaging technologies.