Spyware developer Memento Labs confirms "government client" used its tools to spy on Windows users

A targeted phishing attack on Russian and Belarusian citizens used Memento Labs' malware. Typing on a laptop - stock image. (Image Source: Toufique Barbhuiya)

The CEO of digital security firm Memento Labs admits that the organization developed the "Dante" malware uncovered in a recent Kaspersky report. Worryingly, Memento Labs indicates that the malware was used by an undisclosed "government client," potentially for spying on private citizens.

Arjun Krishna Lal, Published 10/29/2025 🇪🇸 🇵🇹 ...

The CEO of Memento Labs, a developer of spyware and surveillance tech, admitted that the “Dante” malware uncovered in a recent Kaspersky security report was produced by Memento Labs and used by what he described as a “government client.”

Per the Kaspersky report, a large number of Windows users in Russia and Belarus were hit by a sophisticated phishing attack, with victims believing they were invited to participate in an international political and economic forum. Simply clicking the link in the email would initiate the infection, provided an up-to-date version of Google's Chrome Web browser was used to do it. Those targeted include people working at universities, research institutions, and media outlets.

Kaspersky concluded that the intention of this phishing attack was international espionage. A statement by Memento Labs CEO Paolo Lazzi appears to corroborate this. Lazzi (via TechCrunch) stated that the phishing attack utilized Memento Labs’ Dante spyware and that the threat actor was a “government client.”

It remains unclear what particular entity was responsible for the phishing attack. However, as with Pegasus, this incident underlines the issues that arise when cybersecurity organizations provide tools and services that potentially allow governments to spy on their own citizens or those of other countries.