Meta removes hundreds of accounts tied to spyware

Facebook's parent, Meta, removed hundreds of accounts in the last year across Facebook and Instagram tied to known spyware and surveillance-for-hire vendors, according to a report released Thursday.

The big picture: Major tech companies have become one of the first lines of defense against the global proliferation of spyware and surveillance-for-hire vendors, given the companies' unique visibility into how the vendors abuse their platforms and devices.

• These vendors typically build and sell hard-to-detect spyware to governments and other nefarious actors that's installed on phones through their security flaws.

Details: Researchers said they removed several account networks across Facebook and Instagram that spyware and surveillance-for-hire vendors relied on for product testing and data scraping.

• For instance, Meta removed 130 Facebook and Instagram accounts tied to spyware vendor Candiru and 250 accounts tied to vendor Quadream that they believed were being used to test their tools.
• Meta also removed about 230 accounts on Facebook and Instagram linked to spyware vendor CyberGlobes that were used to scrape user data.

Yes, but: Spyware makers also rely on other legitimate tools outside of Meta's and other companies' reach, the report notes.

• One example is Indian firm CyberRoot, which a Reuters investigation exposed as a hackers-for-hire service relying on marketing tool Branch to manage and track phishing links.
• "This demonstrates just how important a whole-of-society response is to tackling this growing malicious industry," the report says.

Catch up quick: Meta isn't alone in taking on spyware vendors.

• Google released a report last month exposing Spanish IT company Variston IT as a spyware maker.
• Both Apple and Meta-owned WhatsApp are in the middle of lawsuits against NSO Group.

Sign up for Axios’ cybersecurity newsletter Codebook here.