Client: iVerify, mobile threat research and consumer security. Engagement: A long-running research and publishing partnership: on-the-record bylines, co-authored investigations, and parallel work on state-linked telecom routing. Our role: Daniel Kelley is a named co-author alongside iVerify Research; Cyberou handled drafting, structure, and publication-ready technical prose.
Summary
Mobile spyware and crimeware markets move faster than most vendor blogs can credibly cover. iVerify needed sustained, practitioner-grade reporting that could still earn attention from serious readers and journalists, not one-off hot takes.
Across roughly nineteen months and reporting that touched thirty-five countries, the programme produced co-credited work on high-signal topics (including a Scattered Spider investigation co-credited to iVerify Research and Daniel Kelley). Parallel research analysed state-linked telecom routing across sixty-plus operators. Outlets including Axios, Forbes, and CyberScoop picked up lines from this body of work.
- Named co-authorship where the reporting warranted shared credit
- Deep mobile malware and surveillance tradecraft explainers on iverify.io
- Press-ready narratives that could travel outside the blog
Challenge
Mobile threat stories sit at the intersection of criminal markets, consumer harm, and geopolitics. The writing has to be accurate enough for researchers, legible enough for reporters, and careful enough for legal review. That is a narrow band.
iVerify also publishes under its own brand and reputation. Anything that reads like “SEO filler” would undermine the rest of their research programme. Every piece needed a defensible thesis, clean sourcing discipline, and a voice that still sounded like iVerify.
Long programmes add a coordination challenge: continuity across threads, consistent definitions, and the ability to ship quickly when a story breaks without abandoning quality control.
Approach
We treated each release like a small investigation on paper: what changed, what evidence supports it, what a reader should do differently, and what remains unknown. Drafts moved through iVerify research review until claims and framing matched their bar.
When a topic intersected sensitive geopolitical material, we prioritised clarity and proportionality: enough detail to be useful, enough restraint to avoid sensationalism. Co-authorship credits reflected who did the work, not who wanted a byline.
For parallel telecom routing work, the goal was the same as the blog: translate complex infrastructure behaviour into language practitioners and journalists could reason about, without pretending the dataset answered every question.
Results
iVerify built a deeper public library of mobile threat reporting that could support fundraising, partnerships, and press without reinventing the wheel for every launch. The work also gave reporters concrete hooks when mobile surveillance stories hit the news cycle.
Tier-1 pickup (Axios, Forbes, CyberScoop, among others) validated that the narratives could travel beyond iVerify’s owned channels, which is often the difference between “good blog” and “research people actually cite.”
The durable outcome is reputational: iVerify stayed readable and rigorous across a long arc, which is how research programmes compound instead of decaying into recycled content.
Published work
- Scattered Spider: The Group That Blends Digital Attacks with Real-World Violence · iVerify blog (co-credited reporting)
- Abusing Data in the Middle: Surveillance Risks in China’s State-Owned Mobile Ecosystem · iVerify blog (noted in programme reporting for Tier-1 pickup)
- Renting Android Malware Is Getting Easier and Cheaper · iVerify blog
- Examples of work · full live-link catalogue