Apple, Android phones targeted by Italian spyware: Google
San Francisco, June 23, 2022 (AFP) – The hacking tools of an Italy-based company were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google said Thursday, shedding light on a “thriving” spyware industry.
Google’s threat analysis team said spyware created by RCS Lab targeted the phones using a combination of tactics, including unusual “drive-by downloads” that occur without victims’ awareness.
Concerns about spyware were sparked by media outlets last year reporting that Israeli company NSO’s Pegasus tools were being used by governments to monitor opponents, activists and journalists.
“They claim to only sell to customers with legitimate uses for surveillance ware, such as intelligence and law enforcement agencies,” said mobile cybersecurity specialist Lookout of companies like NSO and RCS.
“In reality, such tools have often been misused under the guise of national security to spy on business leaders, human rights activists, journalists, academics and government officials,” Lookout added.
Google’s report said the RCS spyware it discovered, dubbed “Hermit,” is the same one Lookout previously reported on.
Lookout investigators said they discovered in April that Hermit was being used by the government of Kazakhstan to spy on smartphones within its borders, just months after anti-government protests were suppressed in that country.
“Like many spyware vendors, not much is known about RCS Lab and its customers,” says Lookout. “But based on the information we have, it has a significant international presence.”
There is evidence that Hermit was used in a predominantly Kurdish region of Syria, the mobile security company said.
Analysis of Hermit showed it could be used to take control of smartphones, record audio, route calls and collect data such as contacts, messages, photos and location, Lookout researchers said.
Google and Lookout noted that the spyware spreads by getting people to click on links in messages sent to targets.
“In some cases, we believe the actors collaborated with the target’s ISP (Internet Service Provider) to disable the target’s mobile data connection,” Google said.
“Once disabled, the attacker would send a malicious link via text message asking the target to install an application to restore their data connection.”
When not pretending to be a mobile Internet service provider, the cyber spies would send links masquerading as phone manufacturers or messaging applications to trick people into clicking, researchers said.
“Hermit deceives users by displaying the legitimate web pages of the brands it impersonates because it launches malicious activity in the background,” Lookout researchers said.
Google said it warned Android users who had been targeted by the spyware and stepped up its software defenses. Apple told AFP it has taken steps to protect iPhone users.
Google’s threat team is tracking more than 30 companies that sell surveillance capabilities to governments, according to the Alphabet-owned tech titan.
“The commercial spyware industry is thriving and growing at a significant rate,” Google said.