Pegasus, NSO Group's lawful intercept product that's been widely criticized as easily abused spyware, is said, by the Guardian, to have been found in the devices of a number of senior intelligence and defense officials in Pakistan. Pakistani diplomatic missions the Guardian contacted about the incident have not returned comments. Pegasus apparently was installed in the victims' devices through the WhatsApp vulnerability whose exploitation in a similar way prompted India's domestic surveillance scandal earlier this autumn. Quartz published an account at the end of October of how journalists and activists in India were affected. According to the Times of India, the Indian government has maintained that it wasn't responsible for deploying the spyware to keep tabs on various dissident types, as critics have widely charged. In the present case, observers regard the installation of Pegasus as "state-on-state" espionage as opposed to domestic surveillance.
Juniper Networks has published research into the FlexiSPY strain of stalkerware. Despite recent US Federal Trade Commission action against Retina-X Studios, an action that effectively shuttered the business, other vendors haven't hesitated to enter the stalkerware market. FlexiSPY is one such player. The company offers the ability to “Spy On Any Computer With Our Powerful Computer Monitoring Software." Specifically, they promise to deliver GPS tracking, covert photography, and the ability to intercept calls, emails, and texts. They do include a disclaimer advising against "sneaky" uses of their product, but given that FlexiSPY is designed for surreptitious installation, it's difficult to regard this as anything beyond the sort of easily dropped fig leaf of good intentions one often sees in such contexts. While it might be possible to imagine legitimate uses for this sort of tool, the illegitimate uses far, far outnumber these. Juniper is not impressed, and offers advice on how to detect and remove FlexiSPY from an affected device. It's not easy.