Meta disabled several hundred fake accounts linked to spyware

Meta just released two reports focusing on its anti-spyware efforts that last year targeted hundreds of Facebook users in nearly 200 countries and territories, including China, Russia, Israel, the United States and India.

Last year, Meta deactivated 130 accounts on Facebook and Instagram linked to Candiru, the very discreet distributed spyware merchant, created in 2014 by one of the former co-founders of NSO, and which had been placed on the list US Department of Commerce blacklist at the same time as NSO, in November 2021.

Its name is inspired by a fish nicknamed the “ vampire of the amazon waters “whose legend has it” travels up urine streams and to lodge in the urethra “. Candiru, which would have been created in 2014, is not a website and cultivates secrecy.

In 2017, the company was renamed DF Associates, then Grindavik in 2018, Taveta in 2019, and Saito Tech in 2020. Its existence had been confirmed thanks to an investigation by journalist Amitai Ziv. He had found, on the Facebook page of a caterer, a black and white fresco of silhouettes of men in bowler hats but without faces. Ziv had photographed the mural and the logo in the old, empty premises of Candiru.


Candiru’s logo and its mural photographed by Amitai Ziv

The company, adept at “coolness”, had ordered platters of hummus for the aperitif, and the caterer had boasted about it on Facebook, allowing the journalist to confirm the link between Candiru and its founder, but also to discover its former name, and therefore to obtain from the commercial register all the official documents concerning it.

The spyware “web intelligence” provider


Leave a Comment