Google Says Italian Spyware Vendor Worked With ISPs To Infect iOS And Android Users With Spyware… WTF??

I truly hope that someone within the European Union is aware of this, because this is just a mind-blowing story. Google’s Threat Analysis Group (TAG) revealed that RCS Labs, an Italian spyware vendor similar to the notorious Israeli spyware vendor The NSO Group, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools:

All campaigns TAG observed originated with a unique link sent to the target. Once clicked, the page attempted to get the user to download and install a malicious application on either Android or iOS. In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications. When ISP involvement is not possible, applications are masqueraded as messaging applications.

Google has notified Android victims that their devices were hacked and infected with spyware, dubbed Hermit by security researchers at Lookout in a detailed analysis of this implant published last week.

According to Lookout, Hermit is “modular surveillanceware” that “can record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.”

Google has also disabled the Firebase projects used by the threat actors to set up a command-and-control infrastructure for this campaign.

What’s even more scary is this: while a lot of attention has been placed on the activities of The NSO Group, spyware as a business is clearly thriving. This needs to change, and these companies need to face some sort of consequences for their actions, as this can’t be seen as acceptable in a civilized world. And the ISPs who helped this company carry this attack out need to face some sort of punishment as well, as that is also not acceptable in a civilized world.
