Search Tools Links Login

Emergence of 'Sherlock': Insanet's Ad-driven Spyware Raises Alarm Bells

The cyber threat landscape has witnessed another significant addition: 'Sherlock,' a spyware developed by Insanet. What distinguishes Sherlock from the likes of the notorious NSO's Pegasus is its unique infection method via ad networks.


Active since 2014, Gelsemium, a well-known advanced persistent threat (APT) group, has previously targeted sectors like government, education, and electronic manufacturers, predominantly in East Asia and the Middle East. A report from Palo Alto Network's Unit 42 highlights its recent activities, pointing to techniques like utilizing publicly available web shells for compromising systems. Moreover, tools like OwlProxy, specific to Gelsemium, have been implicated in attacks against the Taiwanese government.

Insanet's Sherlock Spyware

Unlike Pegasus, which infiltrates iPhones by exploiting iOS vulnerabilities, Sherlock leverages advertising networks. Attackers craft an ad campaign targeting a specific demographic and location, embedding the spyware within the ad. Once the target views the ad, the spyware covertly installs on their device. Preliminary analysis reveals that Sherlock can compromise Windows computers, Android devices, and iPhones.

The Threat Landscape

Ad networks, often exploited for 'malvertising' (malicious advertising), have conventionally delivered malware targeting computers, aiming at data ransom or password theft. Spyware, in contrast, typically focuses on mobile devices, seeking to covertly acquire sensitive information. Sherlock, with its capabilities to monitor, capture, and transmit data, adds a new dimension to this landscape.

From 2011 to 2023, approximately 74 governments have procured spyware or digital forensics technology from commercial entities for various purposes ranging from intelligence gathering to combating crime. Beyond government usage, companies deploy spyware to monitor employee activities, private investigators utilize it for legal investigations, and hackers exploit it for fraudulent schemes.

Concerns and Costs

A significant worry lies in the fact that the Israeli government legally sanctioned the advanced capabilities of Sherlock for broader sales, endangering virtually every online user. However, there's a mitigating factor: Sherlock's hefty price tag. A single infection reportedly costs a staggering US$6.4 million, as per internal documentation referenced in a Haaretz report.

About this post

Posted: 2023-09-25
By: dwirch
Viewed: 408 times







No attachments for this post

Loading Comments ...


No comments have been added for this post.

You must be logged in to make a comment.