Your sources dry up overnight. That’s what hits hardest for folks like Mostafa Al-A’sar, the Egyptian journalist who’s been dodging shadows since his 2018 arrest.
This hack-for-hire spyware campaign — tied to a group with Indian government whiffs — doesn’t care about borders. It just keeps coming, phishing through fake job offers, social media lures, slipping ProSpy onto Android phones. Real people? They’re the ones glancing over their shoulders, wondering if that LinkedIn message is legit or a ticket to surveillance hell.
And here’s Al-A’sar himself, summing it up raw:
“I feel like I’m threatened,” Al-A’sar said, and even though he was living in exile, he feels like “they are still following me. I also felt worried about my family, about my friends, about my sources.”
Chills, right?
Who’s Footing the Bill for This Spyware Circus?
Lookout, Access Now, and SMEX pieced it together — shared infrastructure screaming ‘Bitter,’ that South Asia APT crew usually after diplomats and power grids. But now? Journalists, activists in the Middle East, North Africa. Since 2022, at least. Spearphishing via bogus social accounts, persistent social engineering — sounds fancy, but it’s just relentless catfishing till you click.
Bitter’s no lone wolf hacker in a basement. Hack-for-hire outfits like this? They’re the Uber of espionage — governments call, they deliver, no pesky accountability. Suspected Indian ties? Yeah, that tracks with New Delhi’s quiet pivot to digital muscle-flexing abroad. Remember how Modi’s crew got cozy with surveillance tech post-Pegasus scandals? This feels like the budget sequel: ProSpy, first flagged by ESET targeting UAE folks. Cheaper, stealthier, perfect for outsourcing repression without the NSO Group price tag.
My unique take, after two decades chasing Valley hype? This isn’t innovation — it’s commoditization. Spyware’s gone from elite nation-state toys to any regime’s weekend special. Who profits? Shady Indian firms raking in crores, while Western Big Tech pretends Android’s ‘secure by design.’ Laughable.
Access Now fielded the first calls — 2023, 2024 spearphishes. Lookout nailed the malware attribution. SMEX spotted the Lebanese journalist hit. Together: a sprawling op, potentially snagging officials too.
But attribution? Slippery. Access Now won’t name names — smart, avoids lawsuits. Still, the pattern’s damning.
Why Does This Hack-for-Hire Campaign Keep Winning?
Journalists aren’t paranoid; they’re targets. Committee to Protect Journalists nailed it:
“Spying on journalists is often the first step in a broader pattern of intimidation, threats, and attacks,” said the group’s regional director, Sara Qudah. “These actions endanger not only journalists’ personal safety, but also their sources and their ability to do their work. Authorities in the region must stop weaponizing technology and financial resources to surveil journalists.”
Spot on. And it’s not stopping. Lookout’s report: “Our joint findings expose an espionage campaign that has been operational since at least 2022 until present day primarily targeting civil society members and potentially government officials in the Middle East.” Persistent, adaptive — that’s the Bitter MO. Fake WhatsApp chats, job bait. One click, and ProSpy’s in, slurping contacts, SMS, mic access.
Here’s the cynical bit: Repressive states love this. No need for in-house hackers — hire Bitter, plausible deniability intact. Egypt, Lebanon, UAE vibes all over it. Al-A’sar knew better from past arrests, but even pros slip. Cybersecurity? As he said, “not a luxury.”
Prediction time — and I’ve been wrong before, but rarely on grift. Expect this to balloon. As the U.S. cracks down on NSO, knockoffs flood from India, Russia, China. Hack-for-hire markets hit $1B+ yearly, per some estimates. Real money’s in volume targeting.
How Bad Is ProSpy — And Can You Dodge It?
ProSpy’s no Pegasus clone, but nasty enough. Android-only so far, roots deep, evades Google Play Protect. ESET broke it last year — UAE targets first. Now MENA press.
Victims? Exile doesn’t shield. Al-A’sar fled Egypt, still haunted. Families, sources at risk. Phone’s your lifeline — and now a snitch.
Lessons? Ditch SMS 2FA yesterday. Use Signal, Proton. Check links with VirusTotal. But honestly? If Bitter wants in, it’s war. Journalists need orgs like Access Now’s helplines — yesterday.
Governments? They won’t. Tech giants? Patch faster, maybe. But who’s buying? That’s the real thread — follow the rupees.
This campaign’s a wake-up: Digital exile is a myth. Spyware crosses oceans cheaper than a flight. And while Valley chases AGI dreams, real threats brew in the shadows — profit-driven, government-blessed. Stay vigilant, or stay silent.
Frequently Asked Questions
What is ProSpy spyware?
Android malware from Bitter APT, deploys via phishing, steals messages, calls, location. First spotted targeting UAE, now MENA journalists.
How do hack-for-hire campaigns target journalists?
Fake social media, job offers, messaging lures — persistent social engineering till you click the malicious link.
Can exiled journalists avoid this spyware?
Tough — use secure apps like Signal, avoid suspicious links, enable Google Play Protect. But pros recommend org help like Access Now.