Welcome to ThreatLab

Your Frontline Defense Against Digital Threats

ThreatLab is a digital forensics and surveillance analysis project dedicated to protecting civil society, human rights defenders, journalists, and activists from the growing threats of spyware and digital surveillance. Our lab operates at the intersection of technology, advocacy, and human rights, providing tools, training, and expertise to combat digital threats in Uganda and across Africa.

Understanding Spyware and Surveillance

What is Spyware?

Spyware is malicious software installed on devices without the user’s consent. It can secretly monitor activity, collect sensitive information such as passwords, emails, messages, and location data, and transmit it to attackers.

Common Examples: Pegasus (NSO Group): Can remotely access smartphones, read messages, track locations, and activate cameras/microphones without user knowledge. FinFisher / FinSpy: Enables monitoring of emails, chats, calls, and files; often used by governments or law enforcement agencies. Hacking Team RCS: Provides full device control, including data exfiltration and live surveillance.

What is Digital Surveillance?

Digital surveillance is the monitoring of online and offline activity using technology. It can be conducted by governments, private companies, or malicious actors and often targets journalists, activists, and organizations working in sensitive areas.

Vestibulum vehicula tempor nulla, sed hendrerit urna interdum in. Donec et nibh maximus, congue est eu, mattis nunc. Praesent ut quam quis quam venenatis fringilla. Morbi vestibulum id tellus commodo mattis. Aliquam erat volutpat. Aenean accumsan id mi nec semper.

Effects of Spyware and Surveillance:

Compromise of private and sensitive information Threats to personal safety and organizational security Suppression of free speech and activism Increased vulnerability to cybercrime

Vestibulum vehicula tempor nulla, sed hendrerit urna interdum in. Donec et nibh maximus, congue est eu, mattis nunc. Praesent ut quam quis quam venenatis fringilla. Morbi vestibulum id tellus commodo mattis. Aliquam erat volutpat. Aenean accumsan id mi nec semper.

What We Do

Digital Forensics & Threat Analysis

The conducts in-depth digital forensics to detect spyware, investigate security breaches, and analyze malware behavior. Our goal is to provide actionable insights that help individuals and organizations safeguard their devices and data.

Threat Monitoring

We continuously monitor emerging spyware campaigns in Uganda and across the region. By tracking patterns, actors, and techniques, we stay ahead of evolving digital threats and provide timely intelligence to those at risk.

Capacity Building

Through hands-on training and workshops, we empower journalists, NGOs, and human rights defenders with practical skills in digital safety. Our programs focus on device security, secure communication, and threat prevention.

Incident Response

The lab provides rapid support to contain breaches and remediate compromised systems. Our incident response services help minimize damage and restore operational security for affected human rights defenders.

Research & Advocacy

We conduct research, publish reports, and engage in policy advocacy to promote digital rights and accountability. By combining technical evidence with strategic recommendations, we support legal and policy reforms that protect civil society from surveillance abuses.

Secure Reporting & Advisory

The lab provides a secure platform for individuals and organizations to report suspected spyware or surveillance incidents. We also offer advisory services, guiding users on how to respond to digital threats, implement best practices, and strengthen their overall cybersecurity posture.

Effects of Spyware and Surveillance:

1

Phishing

  • Attackers send emails, direct messages, or social media links that appear legitimate but contain spyware.
  • Clicking on the link can automatically download spyware onto the device.
  • Common examples include fake bank notifications, impersonation of friends, or “urgent” account alerts.
  • Prevention: Avoid clicking on unknown links, verify sender identity, and use email and browser security filters.
```

2

Fake Apps or Software Downloads

  • Cybercriminals create apps or software that look legitimate but are infected with spyware.
  • This includes fake utility apps, games, or pirated software.
  • Once installed, these apps can monitor activity, steal credentials, or record sensitive data.
  • Prevention: Only download apps from trusted app stores, check reviews, and verify developer authenticity.

3

Exploiting Vulnerabilities in Devices or Operating Systems

  • Spyware can take advantage of outdated operating systems, unpatched software, or security flaws in devices.

  • Zero-day exploits are vulnerabilities unknown to software developers, often used to secretly install spyware.

  • Prevention: Regularly update devices, install security patches, and use antivirus/antimalware software.

4

Unauthorized Access Through Insecure Networks

  • Public Wi-Fi networks can be exploited by attackers to intercept data or inject spyware onto connected devices.
  • Cybercriminals may set up fake Wi-Fi hotspots that appear legitimate to trick users.
  • Prevention: Avoid using unsecured networks for sensitive activities, use a reliable VPN, and disable automatic network connections.
```

5

Other Common Methods

  • Physical access to a device by an attacker can allow spyware installation.
  • Sharing infected USB drives, SD cards, or other storage media.
  • Malicious advertisements (malvertising) on websites that can trigger spyware downloads automatically.

Report a Spyware or Digital Attack Incident

If you suspect that your device has been compromised, your communications are being monitored, or you have experienced a digital attack, The ThreatLab is here to help. Our secure reporting system allows you to share details safely and confidentially so our team can assess your situation and provide guidance. Whether it’s possible spyware, phishing attempts, account breaches, or unusual device behavior, reporting early helps us investigate and support you more effectively.
Your safety and privacy come first. All information submitted is encrypted, handled discreetly, and reviewed only by our trusted incident response team. Click Below to Report an Incident
👉 Report an Incident

Support the ThreatLab

ThreatLab Uganda relies on community and partner support to continue investigating spyware, protecting at-risk groups, and strengthening digital security in Uganda. Your contribution helps us improve forensic research, deliver trainings, respond to digital attacks, and promote digital rights.
Support the Lab