Mollitiam Industries, a small and relatively unknown Spanish spyware maker, has shut down due to financial issues, according to public business records. The company, based in Toledo, Spain, filed for bankruptcy on January 23, as reported by Intelligence Online, a trade website focused on intelligence and surveillance.
Unlike other prominent spyware makers like Hacking Team, NSO Group, and Paragon Solutions, Mollitiam Industries has operated largely under the radar, with minimal public attention. This secrecy is partly due to the nature of the spyware industry, which often involves vendors from around the world who prefer to maintain a low profile. Additionally, Mollitiam Industries' location in Spain, which receives less attention from international English-language media outlets, contributed to its relative anonymity.
At the time of writing, Mollitiam Industries' official website remains online, although the company did not respond to a request for comment. According to its LinkedIn account, the company had between 11 and 50 employees. In 2021, Mollitiam Industries gained some attention from English-speaking media after a brochure was unintentionally left online, revealing the development of spyware products called Invisible Man and Night Crawler. These products were designed to extract data from target devices, including messaging apps like Telegram and WhatsApp, activate cameras and microphones, steal passwords, and log keystrokes.
In 2020, Colombian news magazine Semana reported that its journalists and offices had been under physical and digital surveillance by the country's military intelligence agency. The agency allegedly used malware developed by Mollitiam Industries to intimidate the journalists, offering them bribes to install the malware on their computers. A photo of a contract between the National Army of Colombia and Mollitiam Industries revealed the military agency's offer of nearly 3 billion pesos (around $900,000 at the time) to acquire a system called "Hombre Invisible" (or Invisible Man), capable of infecting macOS and Windows devices remotely or via USB drive.
The same year, Mollitiam Industries gave an online talk through ISS World, a series of conferences for companies selling products to law enforcement and intelligence agencies. The company discussed the challenges of end-to-end encryption and the need to use malware to compromise target devices, showcasing innovative features such as recording WhatsApp VoIP calls.
In early 2024, Meta reported that it had removed a network of fake accounts on Facebook and Instagram linked to Mollitiam Industries. The company was found to be running fake accounts for testing malicious capabilities, scraping public information, and engaging in phishing and social engineering targeted at individuals in Spain, Colombia, and Peru, including political opposition, journalists, anti-corruption activists, and activists against police abuse.
Spain, particularly Barcelona, has become a hub for spyware startups, some founded by foreigners recruiting security researchers from countries like Italy and Israel. Amnesty International's Security Lab has been tracking Mollitiam Industries' activities, identifying Windows samples and a command and control server indexed on Censys, an online search engine for internet-connected devices, as "Invisible Man Login."
Jurre van Bergen, a technologist at Amnesty International's Security Lab, expressed surprise at the company's sloppy work, stating, "Extremely sloppy work of a spyware manufacturer to not put that behind a firewall. I guess I'm not surprised given their sloppy work they went bankrupt."
The shutdown of Mollitiam Industries highlights the risks and consequences of operating in the shadowy world of spyware development. As the industry continues to evolve, it remains to be seen how this development will impact the global surveillance landscape.