Dec 16, 2022 - Technology

Meta removes hundreds of accounts tied to spyware

Illustration of a robot arm with the hand holding an iPhone on strings like a puppet.

Illustration: Aïda Amer/Axios

Facebook's parent, Meta, removed hundreds of accounts in the last year across Facebook and Instagram tied to known spyware and surveillance-for-hire vendors, according to a report released Thursday.

The big picture: Major tech companies have become one of the first lines of defense against the global proliferation of spyware and surveillance-for-hire vendors, given the companies' unique visibility into how the vendors abuse their platforms and devices.

Details: Researchers said they removed several account networks across Facebook and Instagram that spyware and surveillance-for-hire vendors relied on for product testing and data scraping.

  • For instance, Meta removed 130 Facebook and Instagram accounts tied to spyware vendor Candiru and 250 accounts tied to vendor Quadream that they believed were being used to test their tools.
  • Meta also removed about 230 accounts on Facebook and Instagram linked to spyware vendor CyberGlobes that were used to scrape user data.

Yes, but: Spyware makers also rely on other legitimate tools outside of Meta's and other companies' reach, the report notes.

  • One example is Indian firm CyberRoot, which a Reuters investigation exposed as a hackers-for-hire service relying on marketing tool Branch to manage and track phishing links.
  • "This demonstrates just how important a whole-of-society response is to tackling this growing malicious industry," the report says.

Catch up quick: Meta isn't alone in taking on spyware vendors.

Sign up for Axios’ cybersecurity newsletter Codebook here.

Go deeper