A secretive cyberintelligence firm claims to have created powerful hacking tools that can remotely monitor and take control of Android, MacOS and Windows devices. Designed for those looking to “investigate targets in tactical operations,” Mollitiam Industries is promoting tools that are capable of the “anonymous interception, and the remote and invisible control of targets connected to the internet,” according to documents seen by WIRED.
Marketing materials left exposed online by a third-party claim Mollitiam’s interception products, dubbed ‘Invisible Man’ and ‘Night Crawler,’ are capable of remotely accessing a target’s files, location, and covertly turning on a device’s camera and microphone. Its spyware is also said to be equipped with a keylogger, which means every keystroke made on an infected device – including passwords, search queries and messages sent via encrypted messaging apps – can be tracked and monitored.
To evade detection, the malware makes use of the company’s so-called “invisible low stealth technology” and its Android product is advertised as having “low data and battery consumption” to prevent people from suspecting their phone or tablet has been infected. Mollitiam is also currently marketing a tool that it claims enables “mass surveillance of digital profiles and identities” across social media and the dark web.
Cyberintelligence firms responsible for manufacturing invasive spyware technology, such as Israel’s NSO Group, Italy’s Hacking Team, and Germany’s FinFisher, have faced sustained criticism from human rights groups in recent years due to accusations of providing sophisticated spy tools to repressive regimes where they have been used to target members of civil society. The exposed documents are one of the first times Mollitiam’s surveillance capabilities have been revealed publicly. “Time and again we have seen the type of spyware sold by Mollitiam used to target journalists, activists, and others,” says Edin Omanovic, the advocacy director of Privacy International.
While Mollitiam Industries is less well-known than other cyberintelligence firms, its technology is regularly touted at ISS World conferences, a series of annual surveillance events dubbed a ‘wiretappers’ ball’ by privacy advocates. Recently it has promoted its ability to record WhatsApp calls and shared details of social engineering and phishing tactics used “to gain the target’s trust” during a webinar. Later this year it is scheduled to present a demo on the “latest technology used to take invisible control of target systems”. The lead sponsor of the conference is NSO Group, which is currently embroiled in a legal battle with WhatsApp over its hacking technology.
Little is publicly known about how Molltiam’s technology is used in the real-world. In January 2020, Colombian news magazine, Semana, published contracts that appear to show a division of the Colombian military had purchased Mollitiam’s ‘Invisible Man’ product the previous year for almost three billion pesos, almost £600,000. According to Reporters Without Borders, the technology was used to target several journalists at the magazine, including its editor, Alejandro Santos.
“We know that the Colombian government has been spying on journalists for many years and so anything that suggests they are getting better tools to be able to do that is deeply concerning,” says Natalie Southwick, the South and Central Americas program coordinator of the Committee to Protect Journalists. “Spyware is a massive threat to press freedom and the right of everyone to access information.”
Mollitiam Industries was established in 2018 and is based in Madrid, according to its LinkedIn page. Although not all of its clients are known, Spain’s intelligence agency and cyberspace command unit work with the company and officials in Brazil and Peru have also purchased its products, according to trade magazine, Intelligence Online.