The Hired Eyes: How a Stealthy Hack-for-Hire Group Is Cracking iCloud and Android

A new investigation has pulled back the curtain on a shadowy “hack-for-hire” operation that is currently terrorizing journalists, activists, and government officials across the Middle East and North Africa. This isn’t your typical group of basement hackers; this is a professional outfit that government agencies hire to do their dirty work. Security researchers from Access Now, Lookout, and SMEX recently identified these attacks, which use a mix of clever phishing and specialized spyware to take full control of victims’ digital lives.
The group is likely an offshoot of an Indian hack-for-hire firm and has strong ties to a known hacking collective called BITTER APT. One company named in the reports as a possible suspect is Rebecc Solutions. These organizations offer “plausible deniability” to their government clients. Since the hackers run all the infrastructure and operations, the governments can claim they have no idea what is happening if the campaign ever gets exposed. It is a cheaper, more secretive alternative to buying high-end commercial spyware like Pegasus.
The Attack Strategy
The hackers don’t rely on expensive, “zero-click” exploits. Instead, they use persistent social engineering to trick people into opening the door.
- iCloud Heist: For iPhone users, the hackers send fake “Apple Support” messages through iMessage or WhatsApp. They trick victims into handing over their Apple ID credentials. Once they have those, they can log into the victim’s iCloud backups, giving them access to every photo, message, and document stored in the cloud.
- Android Infiltration: On Android, they use a specialized spyware called ProSpy. This malware often masquerades as popular messaging apps like Signal, WhatsApp, or Zoom. In the Middle East, it even mimics regional apps like ToTok and Botim to blend in.
- Signal Hijacking: The group has mastered a technique to “link” a new device to a victim’s Signal account. By tricking a user into adding an attacker-controlled device, the hackers can read every private message in real time as if they were the original user.
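
The Android item above describes apps that borrow a trusted messenger's name. As an added example (not code from the article or the researchers' report), the Python below triages a device app inventory for that masquerading; the inventory rows, the trusted-installer set and the `audit` helper are assumptions constructed for illustration, and only three of the impersonated apps are covered.

```python
# Official Android package IDs for three apps the article says ProSpy imitates.
OFFICIAL_PACKAGES = {
    "signal": "org.thoughtcrime.securesms",
    "whatsapp": "com.whatsapp",
    "zoom": "us.zoom.videomeetings",
}

# Assumption: only Google Play counts as a trusted install source here.
# Add your MDM or enterprise store package if you use one.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed inventory rows: (app label, package id, installer package or None).
# In practice these would come from an MDM export or a device audit.
SAMPLE_INVENTORY = [
    ("Signal", "org.thoughtcrime.securesms", "com.android.vending"),
    ("Signal Update", "com.example.sigupdate", None),      # constructed lookalike
    ("WhatsApp", "com.whatsapp", None),                    # right id, sideloaded
    ("Zoom Workplace", "us.zoom.videomeetings", "com.android.vending"),
    ("Calculator", "com.example.calc", "com.android.vending"),
]


def audit(inventory):
    """Return (package, reason) pairs for apps that merit a closer look."""
    findings = []
    for label, package, installer in inventory:
        lowered = label.lower()
        for brand, official in OFFICIAL_PACKAGES.items():
            if brand not in lowered:
                continue
            if package != official:
                # Label borrows a trusted brand but the package id is different.
                findings.append(
                    (package, f"label '{label}' uses the {brand} name "
                              f"but package is not {official}"))
            elif installer not in TRUSTED_INSTALLERS:
                # Official id, but not installed from a trusted store.
                findings.append(
                    (package, f"official {brand} package id but "
                              f"installer is {installer!r}"))
    return findings


if __name__ == "__main__":
    for package, reason in audit(SAMPLE_INVENTORY):
        print(f"REVIEW {package}: {reason}")
```

A flagged row is a prompt for review, not proof of compromise. Comparing the app's signing certificate against the vendor's published fingerprint is the stronger check, left out here because the page lists no fingerprints.
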
A Growing Trend
This campaign highlights a dangerous shift in global surveillance. You no longer need a massive cyber warfare budget to spy on your critics. These hack-for-hire groups are making professional-grade espionage accessible to almost any regime with a few thousand dollars to spare. While companies like Appin—another Indian hack-for-hire firm—have been shut down after past exposures, the researchers noted that the activity didn’t disappear. The hackers simply moved on to smaller, even more secretive companies to keep the business alive.
For high-value targets, the message is clear: your backups and “secure” messaging apps are only as safe as your login credentials. The hackers are counting on human error to bypass the world’s most advanced security. As long as there is a market for silence and secrets, these digital mercenaries will keep finding new ways to get inside your pocket.