Spanish spyware startup Mollitiam Industries shuts down

Mollitiam Industries, a small and little-known Spanish spyware maker, is shutting down. 

The startup’s demise was first reported by the intelligence and surveillance trade new website Intelligence Online, which blamed the company’s downfall on financial issues. Public business records confirm that the company filed for bankruptcy on January 23. 

Unlike Hacking Team, NSO Group, and now Paragon Solutions, Mollitiam Industries, which is based in Toledo, a town outside of Madrid, Spain, has mostly operated out of public view. In part, secrecy is just a consequence of the nature of the spyware industry: There are a lot of vendors all over the world, and a significant amount of them don’t want any publicity. 

Another reason why Mollitiam Industries eschews publicity may have less to do with the spyware industry itself, and more to do with the fact that the spyware startup was based in Spain, which doesn’t get a lot of attention from international English-language media outlets, and also because Mollitiam Industries was only ever known to be involved in one scandal in Colombia, another place that can be be underreported in the English-speaking world. 

At the time of writing, Mollitiam Industries’ official website is still online. The company did not respond to a request for comment sent to an email address listed on the site. When TechCrunch called a phone number listed on the company’s Google Maps listing, the line was busy. According to its official LinkedIn account, Mollitiam Industries had between 11 and 50 employees. 

In 2021, Mollitiam Industries first caught the attention of English-speaking media. Wired reported at the time that a brochure unintentionally left online by a third party showed the startup developed spyware products called Invisible Man and Night Crawler, which were designed to surreptitiously extract data from target devices, including from messaging apps like Telegram and WhatsApp, activate the device’s cameras and microphone, steal passwords, and log keystrokes. 

The year prior, in 2020, Colombian news magazine Semana reported that its journalists and its offices had been under physical and digital surveillance by the country’s military intelligence agency, whose agents reportedly intimidated the journalists with threats that included sending them tombstones. The surveillance and intimidation campaign came after the magazine had published investigations into alleged wrongdoing by officers in the military in 2019. 

“A cyber-intelligence colonel offered me 50 million pesos [around $15,000 at the time] to introduce a malware (virus) in the computers of Semana journalists and thus be able to access the information,” a source told the magazine.

That malware was apparently developed by Mollitiam Industries, according to a photo of a contract between the National Army of Colombia (Ejército Nacional de Colombia) and Mollitiam Industries. 

The document showed the military agency made an offer of nearly 3 billion pesos (around $900,000 at the time) to acquire a system called “Hombre Invisible” (or Invisible Man). The software was allegedly capable of infecting macOS and Windows devices both remotely, by hiding inside Office documents, and via USB drive. The malware could also bypass antivirus software, and allow the military officers to infect an “unlimited” number of active targets.  

“This tool allows us to do everything: get into any computer, access WhatsApp and Telegram Web calls and conversations, download archived or deleted chat conversations, photos and in general whatever is stored in the memory of the infected machine,” an anonymous source told Semana. 

The same year as the Colombia scandal, Mollitiam Industries gave an online talk through ISS World, a series of conferences for companies that want to sell products to law enforcement and intelligence agencies. 

The company wrote in the talk’s description that end-to-end encryption was making it more difficult to eavesdrop on intended individuals, and referred to the need to use malware to compromise the target’s device in order to access their communications. According to the description, “Mollitiam will explain the roots of this approach through software demonstrations, and will share innovative features such as the recordings of WhatsApp VoIP calls.” 

Mollitiam Industries was active at least until the end of 2023, according to Meta. In early 2024, Meta said in a report that it had removed a network of fake accounts on Facebook and Instagram that was linked to Mollitiam Industries.

“Mollitiam Industries and its customers ran fake accounts which they used for testing malicious capabilities among their own accounts and scraping public information. Similar to other surveillance-for-hire firms, they used IP-logging links aimed at tracing their targets’ IP addresses,” read the report. “They also engaged in phishing and social engineering targeted primarily at people in Spain, Colombia and Peru, including the political opposition, journalists, anti-corruption activists and activists against police abuse.”

Spain, and in particular Barcelona, has recently become a hotbed for spyware startups, some of which were founded by foreigners recruiting security researchers from other countries, including Italy and Israel.  

While the company has received relatively little attention, its activities were being tracked by Amnesty International. Jurre van Bergen, a technologist at Amnesty International’s Security Lab, told TechCrunch that he and his colleagues found Mollitiam Industries’ Windows samples and identified a command and control server that was indexed on Censys, an online search engine for internet-connected devices, as “Invisible Man Login,” a clear reference to one of the companies’ products.

“Extremely sloppy work of a spyware manufacturer to not put that behind a firewall,” van Bergen told TechCrunch. “I guess I’m not surprised given their sloppy work they went bankrupt.”