Mollitiam Industries Shuts Down: Spanish Spyware Startup Ceases Operations

Mollitiam Industries Ceases Operations

A Spanish spyware developer, Mollitiam Industries, a relatively obscure entity, has announced its closure. The company’s shutdown was initially reported by Intelligence Online, a publication specializing in intelligence and surveillance news.

Financial Difficulties Cited

The primary cause for Mollitiam Industries’ demise is attributed to financial challenges. Official business records corroborate the report, confirming the company filed for bankruptcy on January 23rd.

A Low-Profile Operation

Unlike more prominent firms such as Hacking Team, NSO Group, and Paragon Solutions, Mollitiam Industries maintained a largely discreet profile. This is common within the spyware industry, where many vendors prefer to operate without widespread publicity.

Limited Media Attention

The company’s location in Spain, a country often receiving less coverage from international English-language media, may have also contributed to its relative anonymity. Furthermore, Mollitiam Industries was primarily linked to a single publicized incident in Colombia.

Current Status and Contact Attempts

As of now, Mollitiam Industries’ website remains accessible online. Attempts to obtain a statement from the company via email were unsuccessful. A phone call to a listed number resulted in a busy signal.

Company Size

According to its LinkedIn profile, Mollitiam Industries employed between 11 and 50 individuals.

Spyware Capabilities Revealed

Initial Exposure in 2021

Mollitiam Industries first gained attention from English-speaking media outlets in 2021. A brochure inadvertently published online detailed the company’s spyware products, Invisible Man and Night Crawler.

Data Extraction and Surveillance

These tools were designed for covert data extraction from target devices. Capabilities included accessing messaging apps like Telegram and WhatsApp, activating cameras and microphones, stealing passwords, and recording keystrokes.

Colombia Surveillance Scandal

In 2020, Colombian magazine Semana reported that journalists and the magazine’s offices were subjected to both physical and digital surveillance by the country’s military intelligence agency.

Intimidation Tactics

Journalists were reportedly threatened, even receiving tombstones, following the publication of investigations into alleged misconduct within the military in 2019.

Malware Offer

A source revealed that a cyber-intelligence colonel offered 50 million pesos (approximately $15,000 at the time) to introduce malware into the computers of Semana journalists to gain access to their information.

Contract with the Colombian Army

This malware was reportedly developed by Mollitiam Industries, as evidenced by a photograph of a contract between the National Army of Colombia and the company.

“Hombre Invisible” System

The contract outlined a nearly 3 billion peso (around $900,000) offer for a system called “Hombre Invisible” (Invisible Man). This software could infect macOS and Windows devices remotely, through Office documents and USB drives.

Bypassing Security Measures

The malware was designed to circumvent antivirus software, allowing military officers to infect an “unlimited” number of targets. An anonymous source described its capabilities to Semana, stating it could access WhatsApp and Telegram communications, retrieve archived or deleted data, and capture information from the infected machine’s memory.

Further Developments and Activities

ISS World Presentation

In the same year as the Colombia scandal, Mollitiam Industries presented at ISS World, a conference for law enforcement and intelligence agencies. The company highlighted the challenges posed by end-to-end encryption and the need for malware to compromise target devices.

Demonstrating Capabilities

The presentation description mentioned software demonstrations and innovative features, including the recording of WhatsApp VoIP calls.

Meta’s Findings in 2024

Mollitiam Industries remained active until at least late 2023, according to Meta. In early 2024, Meta reported removing a network of fake accounts on Facebook and Instagram linked to the company.

Fake Accounts and Phishing

These accounts were used for testing malicious capabilities and scraping public information. The network employed IP-logging links to track targets and engaged in phishing attacks targeting individuals in Spain, Colombia, and Peru, including political opposition, journalists, and activists.

Barcelona as a Spyware Hub

Spain, particularly Barcelona, has emerged as a center for spyware startups, with some founded by foreigners recruiting security researchers from countries like Italy and Israel.

Amnesty International’s Tracking

Despite its low profile, Mollitiam Industries’ activities were monitored by Amnesty International. A technologist from Amnesty International’s Security Lab identified the company’s Windows samples and a command and control server labeled “Invisible Man Login.”

Security Concerns

The technologist noted the lack of firewall protection for the command and control server, suggesting a lack of security awareness that may have contributed to the company’s bankruptcy.