Apple, Android phones under attack by Italian spyware: Google – AFR

Hacking tools from an Italy-based firm were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google said on Thursday, shedding light on a “thriving” spyware industry.

Google’s threat analysis team said RCS Lab-made spyware attacked the phones using a combination of tactics, including unusual “drive-by downloads” done without the victims’ knowledge.

Concerns about spyware were fueled by media reports last year that Israeli company NSO’s Pegasus tools were being used by governments to monitor opponents, activists and journalists.

“They claim to only sell to customers with legitimate uses for surveillance software, such as B. Secret services and law enforcement agencies,” Lookout, a specialist in mobile cybersecurity, said of companies like NSO and RCS.

“In reality, such tools have often been misused under the guise of national security to spy on businesspeople, human rights activists, journalists, academics and government officials,” Lookout added.

According to Google’s report, the RCS spyware discovered, named “Hermit,” is the same one that Lookout previously reported on.

Lookout researchers said they found in April that Hermit was being used by the Kazakh government within its borders to spy on smartphones, just months after anti-government protests in that country were crushed.

“As with many spyware vendors, not much is known about RCS Lab and its customers,” Lookout said. “But based on the information we have, it has a significant international presence.”

Evidence suggests Hermit was used in a predominantly Kurdish region of Syria, the mobile security firm said.

Analysis of Hermit showed that it can be used to take control of smartphones, record audio, redirect calls and collect data such as contacts, messages, photos and locations, Lookout researchers said.

Google and Lookout noticed the spread of spyware by tricking people into clicking links in messages sent to destinations.

“In some cases, we believe the actors worked with the target’s ISP (Internet Service Provider) to disable the target’s cellular data connection,” Google said.

“Once disabled, the attacker sent a malicious link via SMS, prompting the target to install an application to restore their data connectivity.”

When not posing as a mobile Internet service provider, the cyber spies send links pretending to be from phone makers or messaging apps to trick people into clicking, researchers said.

“Hermit deceives users by serving up the legitimate websites of the brands it impersonates while launching malicious activity in the background,” Lookout researchers said.

Google said it warned Android users affected by the spyware and stepped up software defenses. Apple told AFP it has taken steps to protect iPhone users.

According to Alphabet tech titan, Google’s threat team is tracking more than 30 companies that sell surveillance capabilities to governments.

“The commercial spyware industry is thriving and growing at a significant rate,” said Google.