Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Uncategorized

Apple, Android Phones Targeted by Italian Spyware: Google

An Italy-based firm’s hacking tools were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google said Thursday, casting a light on a “flourishing” spyware industry.

An Italy-based firm’s hacking tools were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google said Thursday, casting a light on a “flourishing” spyware industry.

Google’s threat analysis team said spyware made by RCS Lab targeted the phones using a combination of tactics including unusual “drive-by downloads” that happen without victims being aware.

Concerns over spyware were fueled by media outlets reporting last year that Israeli firm NSO’s Pegasus tools were used by governments to surveil opponents, activists and journalists.

“They claim to only sell to customers with legitimate use for surveillanceware, such as intelligence and law enforcement agencies,” mobile cybersecurity specialist Lookout said of companies like NSO and RCS.

“In reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials,” Lookout added.

Google’s report said the RCS spyware it uncovered, and which was dubbed “Hermit“, is the same one that Lookout reported on previously.

Lookout researchers said that in April they found Hermit being used by the government of Kazakhstan inside its borders to spy on smartphones, just months after anti-government protests in that country were suppressed.

“Like many spyware vendors, not much is known about RCS Lab and its clientele,” Lookout said. “But based on the information we do have, it has a considerable international presence.”

Advertisement. Scroll to continue reading.

Growing spyware industry

Evidence suggests Hermit was used in a predominantly Kurdish region of Syria, the mobile security company said.

Analysis of Hermit showed that it can be employed to gain control of smartphones, recording audio, redirecting calls, and collecting data such as contacts, messages, photos and location, Lookout researchers said.

Google and Lookout noted the spyware spreads by getting people to click on links in messages sent to targets.

“In some cases, we believe the actors worked with the target’s ISP (internet service provider) to disable the target’s mobile data connectivity,” Google said.

“Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity.”

When not masquerading as a mobile internet service provider, the cyber spies would send links pretending to be from phone makers or messaging applications to trick people into clicking, researchers said.

“Hermit tricks users by serving up the legitimate webpages of the brands it impersonates as it kickstarts malicious activities in the background,” Lookout researchers said.

Google said it has warned Android users targeted by the spyware and ramped up software defenses. Apple told AFP it has taken steps to protect iPhone users.

Google’s threat team is tracking more than 30 companies that sell surveillance capabilities to governments, according to the Alphabet-owned tech titan.

“The commercial spyware industry is thriving and growing at a significant rate,” Google said.

ReadGoogle Says NSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’

Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation

Related: US Puts New Controls on Israeli Spyware Company NSO Group

Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days

Related: Apple Confirms New Zero-Day Attacks on Older iPhones

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Management & Strategy

Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity.

Cyberwarfare

The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.

Ransomware

A new CISA pilot program to warn critical infrastructure organizations if their systems are unpatched against vulnerabilities exploited in ransomware attacks.

Cybersecurity Funding

B2B payment security provider NsKnox raised $17 million in a new funding round that brings the total raised by the company to $35.6 million.

Cybersecurity Funding

Silk Security raised $12.5 million in seed funding and is on a mission to break down the silos between security and development with an...

Uncategorized

ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities.

Uncategorized

Exploitation of a critical vulnerability (CVE-2023-46747) in F5’s  BIG-IP product started less than five days after public disclosure and PoC exploit code was published.

Uncategorized

Thomas McCormick, aka fubar, an administrator of the Darkode hacking forum, has been sentenced to 18 months in prison.