NEW Android spyware Morpheus has been uncovered by Osservatorio Nessuno as being spread through fake Android apps posing as updates to steal data, with the researchers noting a rising covert surveillance tools market driven by demand from law enforcement and intelligence agencies. The report describes a multi-stage attack in which a dropper installs a second-stage payload hidden within, then disguises itself as legitimate system components to obtain dangerous permissions, including Accessibility access.
It can override screens with overlays, throttle user input, and trigger a fake update process to maintain control, while enabling wireless debugging and ADB connections to gain elevated privileges. The analysis suggests an Italian origin for the spyware, citing language clues and Italian-hosted infrastructure, and indicates ties between hosting providers and opaque firms supporting the operation.
Osservatorio Nessuno concludes that the spyware is linked to IPS Intelligence, an Italian firm active in lawful interception technologies used by governments, marking what the report calls a first public linkage between IPS Intelligence and spyware distribution. Morpheus is described as extremely invasive, capable of recording audio and video, pairing WhatsApp devices, erasing evidence, and weakening device security, among other capabilities. 28 April 2026