Apple, Android phones targeted by Italian spyware: Google
SAN FRANCISCO, June 23, 2022 (AFP) – The hacking tool of an Italian firm was used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google said on Thursday, a “thriving” spyware industry. Throwing light.
Google’s threat analysis team said spyware created by RCS Lab targeted phones using a combination of tactics, including unusual “drive-by downloads,” which happen without victims being aware.
Concern over spyware was reported last year by media outlets that the Pegasus tools of Israeli firm NSO had been used by governments to survey opponents, activists and journalists.
“They claim to sell only to customers who have legitimate uses of surveillanceware, such as intelligence and law enforcement agencies,” mobile cybersecurity specialist Lookout said of companies like NSO and RCS.
“Indeed, such tools are often misused to spy on business executives, human rights activists, journalists, academics and government officials under the guise of national security,” Lookout said.
Google’s report states that the RCS spyware it uncovered, and dubbed “Hermit”, is the same one that Lookout previously reported.
Lookout researchers said in April they found the Hermit was being used by Kazakhstan’s government to spy on smartphones, just months after suppressing anti-government protests in that country.
“Like many spyware vendors, not much is known about RCS Lab and its customers,” Lookout said. “But based on the information we have, it has a considerable international presence.”
The mobile security company said evidence showed the Hermit was used in the Kurdish region of Syria.
Lookout researchers said Hermit’s analysis showed it could be used to gain control of a smartphone, record audio, redirect calls, and collect data such as contacts, messages, photos and locations.
Google and Lookout noticed spyware spread by getting people to click on links in messages sent to Target.
“In some cases, we believe that the actors worked with the target’s ISP (Internet Service Provider) to disable the target’s mobile data connectivity,” Google said.
“Once disabled, the attacker will send a malicious link via SMS asking the target to install an application to recover their data connectivity.”
When not masquerading as a mobile Internet service provider, cyber spies send links to phone manufacturers or messaging applications to trick people into clicking them, the researchers said.
“Hermit tricks users by serving legitimate webpages from brands that kickstart malicious activities in the background,” the Lookout researchers said.
Google said it has warned Android users targeted by spyware and has beefed up software protections. Apple told AFP it has taken steps to protect iPhone users.
According to the Alphabet-owned tech titan, Google’s Threat Team is tracking more than 30 companies that sell surveillance capabilities to governments.
“The commercial spyware industry is flourishing and growing at a significant rate,” Google said.