Italy's low-cost commercial spyware economy — Morpheus (IPS Intelligence) and Spyrtacus (SIO) Android Accessibility-API abuse
campaign · item:italy-low-cost-commercial-spyware-morpheus-spyrtacus
Coverage timeline
1
first 2026-06-01 → last 2026-06-01
Briefs
1
1 distinct
Sources cited
23
19 hosts
Sections touched
1
deep_dive
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-06-01CTI Daily Brief — 2026-06-01
Where this entity is cited
- deep_dive1
Source distribution
- kaspersky.com2 (9%)
- osservatorionessuno.org2 (9%)
- thehackernews.com2 (9%)
- therecord.media2 (9%)
- bleepingcomputer.com1 (4%)
- edpb.europa.eu1 (4%)
- edri.org1 (4%)
- helpnetsecurity.com1 (4%)
- other11 (48%)
All cited sources (23)
- edri.orgprimaryinlineEDRi, 2026-05-28https://edri.org/our-work/inside-italys-low-cost-spyware-economy/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-06https://www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
- edpb.europa.euinlineEDPB, 2026-03-19https://www.edpb.europa.eu/news/news/2026/cef-2026-edpb-launches-coordinated-enforcement-action-transparency-and-information_en
- helpnetsecurity.cominlineHelp Net Security, 2026-05-06https://www.helpnetsecurity.com/2026/05/06/daemon-tools-compromised-backdoors-supply-chain-attack/
- isc.sans.eduinlineSANS ISC, 2026-06-01https://isc.sans.edu/diary/rss/33034
- kaspersky.cominlineKaspersky press release, 2026-05-05https://www.kaspersky.com/about/press-releases/kaspersky-identifies-ongoing-supply-chain-attack-on-official-daemon-tools-website-distributing-backdoor-malware
- kaspersky.cominlineKaspersky Securelisthttps://www.kaspersky.com/blog/daemon-tools-supply-chain-attack/55691/
- maine.govinlineMaine Attorney General data-breach filinghttps://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/d6729ef2-7bb3-42d3-abdd-99a1dd8f2415.html
- microsoft.cominlineMicrosoft, 2026-05-30https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/
- osservatorionessuno.orginlineOsservatorio Nessuno — Spyrtacus / SIO analysishttps://osservatorionessuno.org/blog/2026/04/italian-spyware-maker-sio-still-developing-and-distributing-spyrtacus/
- osservatorionessuno.orginlineOsservatorio Nessuno — Morpheus technical analysishttps://osservatorionessuno.org/blog/2026/04/morpheus-a-new-spyware-linked-to-ips-intelligence/
- posthogstatus.cominlinePostHog status, 2026-05-30https://www.posthogstatus.com/incidents/01KSV6HJYKG5QJAP8HVTSQVSM1
- prnewswire.cominlinefiled substitute notices with state attorneys-general on 2026-05-27https://www.prnewswire.com/news-releases/carnival-corporation-notice-of-data-breach-302783524.html
- securelist.cominlineKaspersky Securelist, 2026-05-06https://securelist.com/tr/daemon-tools-backdoor/119654/
- securityaffairs.cominlineSecurity Affairs, 2026-05-12https://securityaffairs.com/192003/malware/android-banking-trojan-trickmo-evolves-using-ton-network-for-c2.html
- sonatype.cominlineSonatype, 2026-05-28https://www.sonatype.com/blog/inside-a-176-package-npm-campaign-built-to-beat-your-internal-dependencies
- thehackernews.cominlineThe Hacker News, 2026-05-12https://thehackernews.com/2026/05/new-trickmo-variant-uses-ton-c2-and.html
- thehackernews.cominlineThe Hacker News, 2026-05-20https://thehackernews.com/2026/05/webworm-deploys-echocreep-and-graphworm.html
- therecord.mediainlineThe Recordhttps://therecord.media/cruise-giant-carnival-confirms-data-breach-affecting-6-million
- therecord.mediainlineThe Record, 2026-05-06https://therecord.media/hackers-compromise-daemon-tools-global-supply-chain-attack
- theregister.cominlineThe Registerhttps://www.theregister.com/cyber-crime/2026/05/28/carnival-shinyhunters-cruised-off-with-6m-customer-records/5247808
- threatfabric.cominlineThreatFabric, 2026-05-11https://www.threatfabric.com/blogs/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app
- welivesecurity.cominlineESET WeLiveSecurity, 2026-05-20https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/
Items in briefs about Italy's low-cost commercial spyware economy — Morpheus (IPS Intelligence) and Spyrtacus (SIO) Android Accessibility-API abuse
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.