You probably won’t be targeted by spyware, but if you are, odds are you won’t know about it. The latest spyware slips in unseen through online ads as you go about your digital life.
What sets Insanet’s Sherlock apart from Pegasus is its exploitation of ad networks rather than vulnerabilities in phones. A Sherlock user creates an ad campaign that narrowly focuses on the target’s demographic and location, and places a spyware-laden ad with an ad exchange. Once the ad is served to a web page that the target views, the spyware is secretly installed on the target’s phone or computer.
This is the part that makes this newsworthy. Insanet uses the advertising infrastructure to target a specific group or even person, and when the ad is displayed it does not require user interaction to install itself. They’ve developed a zero-click exploit, which is very concerning
I’m not clear on whether an adblocker will actually protect you from this - some adblockers only prevent the display of the ad in your browser, but the content of the ad is still downloaded with the rest of the webpage information. You might actually need something like Pihole to block ad server addresses so that the content never gets downloaded at all, but that would make any browsing outside your home network dangerous.
Any DNS based blocker will filter out anything from URLs at the source, so no data is received. I use AdAway with Magisk. Blocklists are updated regularly.
This is the part that makes this newsworthy. Insanet uses the advertising infrastructure to target a specific group or even person, and when the ad is displayed it does not require user interaction to install itself. They’ve developed a zero-click exploit, which is very concerning
I’m not clear on whether an adblocker will actually protect you from this - some adblockers only prevent the display of the ad in your browser, but the content of the ad is still downloaded with the rest of the webpage information. You might actually need something like Pihole to block ad server addresses so that the content never gets downloaded at all, but that would make any browsing outside your home network dangerous.
The ad is downloaded, but it’s removed before execution
Any DNS based blocker will filter out anything from URLs at the source, so no data is received. I use AdAway with Magisk. Blocklists are updated regularly.