State surveillance company leaked its own data, its customers' data, and its customers' victims' data

Wolf Intelligence is a German state surveillanceware company founded by Manish Kumar. It sells tools, used by governments to spy on their citizens, that independent researchers described as "very shitty and it’s just copy paste from open source projects."

At the Virus Bulletin conference in Montreal, researchers from CSIS Security revealed that they had discovered a massive trove of 20GB of Wolf Intelligence's data, including "recordings of meetings with customers, a scan of a passport belonging to the company’s founder, and scans of the founder’s credit cards, and surveillance targets’ data."

Motherboard quotes several sources in the state malware sector who describe Kumar as a "scammer" and a "criminal of the worst kind." Kumar claimed the data had been leaked by a contractor, a claim the researchers who discovered the leak deny.

The researchers said they were able to find a Windows, an Android, and an iOS variant of that RAT, and figured out that it was produced by Wolf Intelligence. They also found data belonging to several victims in countries such as Egypt, Saudi Arabia, and Turkey. One of the victims, they said, is a human rights defender.

The malware itself, according to the researchers, is pretty rudimentary.

“It’s very shitty and it’s just copy paste from open source projects,” Ancel told Motherboard in a phone interview, referring specifically to Wolf Intelligence’s iOS malware. Motherboard did not independently analyze the malware, and Kumar stopped responding to Motherboard soon after I began talking to him.

During the public presentation in Montreal, Ancel said that Kumar “seems to be the kind of criminal who try to scam people with a shitty product.”

Government Spyware Vendor Left Customer, Victim Data Online for Everyone to See [Lorenzo Franceschi-Bicchierai/Motherboard]