Mollitiam Industries, a small and lesser known Spanish spyware manufacturer, is now closed.
The end of the startup was first reported by Intelligence Intelligence Online on the Intelligence and Surveillance Trade News website. Public Business Records confirm that the company filed for bankruptcy on January 23rd.
Unlike the hacking team, NSO Group and now Paragon Solutions, Mollitiam Industries, based in Toledo, a town outside of Madrid, Spain, is mostly operating in public places. In part, the secret is merely a result of the nature of the spyware industry. There are many vendors all over the world, and a significant number of vendors don't want to advertise.
Another reason Mollitiam Industries avoids advertising is that it has nothing to do with the Spyware industry itself, but it has to do with the fact that Spyware startups are based in Spain. Also, the moratiam industry was known to be involved in one scandal in Colombia, which is another place where you can underreport in the English-speaking world.
At the time of writing, the official Mollitiam Industries website is still online. We did not respond to requests for comments sent to email addresses listed on the site. The line was busy when TechCrunch called out the phone number listed on the company's Google Maps list. According to the official LinkedIn account, Mollitiam Industries had 11-50 employees.
In 2021, Mollitiam Industries first attracted the attention of English-speaking media. Wired is designed to secretly extract data from target devices, such as from messaging apps such as Telegram and WhatsApp, when brochures are unintentionally left online by third parties, and are designed to secretly extract data from target devices. We reported that we had shown a startup development product called Crawler. Steal your device's camera and microphone, password, and log keystroke.
The 2020 Colombian news magazine Semana reported that journalists and their offices were under physical and digital surveillance by the country's military intelligence agency. The surveillance and threatening campaign comes after the magazine released an investigation into alleged misconduct by military officers in 2019.
“The Colonel Cyber Intelligence provided me with 50 million pesos. [around $15,000 at the time] To introduce malware (viruses) to Semana journalists' computers and make information accessible,” the source told the magazine.
Do you have more information about Mollitiam Industries or other spyware manufacturers? From unprocessed devices and networks, you can safely contact Lorenzo Franceschi-Bicchierai with a signal of +1 917 257 1382, via Telegram and Keybase @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.
The malware appears to have been developed by the Moritium Industry, according to a photo of a contract between the Colombian National Army (Egercito Nacional de Colombia) and Moritium Industry.
The document showed that military agencies had made an offer of around 3 billion pesos (at the time about $900,000) to acquire a system called “Hombre Invisible” (or Invisible Man). The software is said to be able to infect MacOS and Windows devices remotely, both by hiding internal office documents and via USB drives. Malware can also bypass antivirus software and allow military officers to infect “unlimited” number of active targets.
“This tool allows you to do everything. You can enter any computer, access WhatsApp and Telegram web calls and conversations, archived or deleted chat conversations, photos, and generally stored in memory of infected machines. I'll download anything that's there,” an anonymous source said.
Screenshot of the backend of Android Spyware Night Crawler by Mollitiam Industries.
In the same year as the Colombian scandal, Moritium Industries gave an online talk through ISS World, a series of conferences for businesses that wanted to sell their products to law enforcement and intelligence reporting agencies.
In its talk, the company wrote that end-to-end encryption makes it more difficult to eavesdrop on intended individuals, using malware to compromise target devices to access communications. I've referred to the need to do so. According to the description, “Mollitiam explains the roots of this approach through software demonstrations and shares innovative features such as recording WhatsApp VoIP calls.”
According to Meta, Mollitiam Industries was active until at least the end of 2023. In early 2024, Meta said in a report that it had removed a network of fake Facebook and Instagram accounts linked to Mollitiam Industries.
“Mollitiam Industries and its customers ran fake accounts that they used to test malicious features and reduce public information between their accounts. Like other surveillance companies, they have set target IP addresses. We used an IP logging link intended to track it,” read the report. “They also worked in phishing and social engineering, primarily targeting people in Spain, Colombia and Peruvian people, including political opposition, journalists, anti-corruption activists and activists against police abuse.”
Spain, particularly Barcelona, has recently become a hotbed of spyware startups. Part of it was founded by foreigners recruiting security researchers from other countries, including Italy and Israel.
The company has been relatively under-reported, but its activities were tracked by Amnesty International. Jurre Van Bergen, an engineer at Amnesty International's Security Lab, found a Windows sample from Mollitiam Industries and command and control server indexed into Censys, an online search engine for internet-connected devices. told TechCrunch that it identified “command and control server” as “. Invisible Man Login, a clear reference to one of the company's products.
“The very sloppy work of spyware makers is making sure they don't put it behind the firewall,” Vanbergen told TechCrunch. “I don't think I'd be surprised when I consider their sloppy work that went bankrupt.”