Spyware risks are rising fast, and you should definitely be worried — even Google says so

Google tracks at least 40 companies building commercial spyware

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Companies developingspywareand offering spying services to government agencies and threat actors around the world are growing in number, and to make matters worse, for all of them - business is good.

This is according to a new report fromGoogle, which highlights the growing concern of commercially developed spyware.

Now, according toGoogle’s latest Buying Spying report, it tracks around 40 Commercial Surveillance Vendors (CSV). Some are more popular than others, but all play an important role in developing spyware, it said. One of their bigger roles is discovering zero-day vulnerabilities. In fact, Google claims CSVs are behind half of known zero-day exploits targeting Google products and the Android ecosystem.

Buying spying

Commercial spyware companies have hit the headlines in recent weeks due largely to the exploits of NSO Group. This Israeli-based start-up developed a tool called Pegasus, and claimed it was designed to help governments around the world defend against terrorist attacks and similar threats. Instead, Pegasus was found used on government officials in the UK and the EU, and many cybersecurity researchers and privacy advocates were warning of Pegasus being used against government opponents, journalists, intellectuals, or dissidents. This prompted the US, for example, to blacklist NSO Group.

Furthermore, the demand for “turnkey espionage solutions” is on the rise. CSVs offer pay-to-play bundles that not only abuse zero-days to work around cybersecurity solutions and antivirus programs, but also spyware, and the infrastructure necessary to harvest and exfiltrate sensitive information from the targets.

Among CSVs are those working on discovering vulnerabilities, those working on selling exploits, those building spyware solutions, and finally - government customers who purchase these bundles and propel this industry forward.

“CSVs have proliferated hacking and spyware capabilities that weaken the safety of the internet for all. This is why we discover and patch vulnerabilities used by CSVs, share intelligence strategies and fixes with industry peers and publicly release information about the operations we disrupt,” Google’s researchers concluded.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Don’t search for information on cats at work — you could be at risk of being hacked

This dangerous new malware is hitting Windows devices by hiding in games

Undermining your privacy? Session says no and leaves Australia