Google is warning of a sophisticated new spyware campaign that has seen bad actors steal sensitive data from Android and iOS users in Italy and Kazakhstan. On Thursday, the company’s Threat Analysis Team (TAG) shared its discovery on RCS Labs, a commercial spyware provider based in Italy.
On June 16, security researchers at linked the company to Hermit, a spyware program believed to have been first deployed by Italian authorities in 2019 as part of an anti-corruption operation. Lookout describes RCS Labs as an entity like the NSO Group. The company markets itself as a “legally rated” business and claims it only works with government agencies. However, commercial spyware vendors have come under intense scrutiny in recent years, largely because governments use Pegasus spyware to .
According to Google, Hermit can infect both Android and iOS devices. In several cases, the company’s researchers observed malicious actors working with the target’s internet service provider to disable their data connection. They will then send the target an SMS with a prompt to download the associated software to restore their internet connection. If that’s not an option, the bad guys have tried to disguise the spyware as a legitimate messaging app like WhatsApp or Instagram.
What makes Hermit particularly dangerous is that it can gain additional capabilities by downloading modules from a command and control server. Some of the addons that Lookout observed allowed the program to steal data from the target’s calendar apps and address books, as well as take pictures with their phone’s camera. One module even gives the spyware the ability to root an Android device.
Google believes that Hermit never reaches the Play or App store. However, the company has found evidence that bad guys can spread spyware on iOS by subscribing to Apple. . Apple told that it blocked any accounts or certificates associated with the threat. Meanwhile, Google has notified affected users and rolled out an update to Google Play Protect.
The company concludes its post by noting that the growth of the commercial spyware industry should interest everyone. “These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,” the company said. ty said. “While the use of surveillance technologies may be legal under national or international law, they are often used by governments for purposes contrary to democratic values: targeting dissidents, journalists, human rights and opposition party politicians.”
All products recommended by Engadget are handpicked by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
