Apple and Android phones hacked by Italian spyware, Google confirms


Alphabet Inc.'s Google confirmed in a report Thursday that hacking tools from an Italian company were being used to spy on Apple and Android smartphones in Italy and Kazakhstan, noting that the commercial spyware industry is booming and growing at a significant pace.

According to the report, the spy tools were developed by Milan-based RCS Lab, which “used a combination of tactics, including atypical drive-by downloads as initial infection vectors, to target mobile users on both iOS and Android without their knowledge.” The tools are designed to access private messages and contacts on the targeted device.

Google’s Threat Analysis Group (TAG) said the spyware spreads through links in messages sent to targets, who are induced to click on them.

Once the link was clicked, the page attempted to trick the user into downloading and installing a malicious application on Android or iOS. In some cases, Google believes the actors collaborated with the target’s ISP to disable the target’s mobile data connection.

Once the connection was disabled, the attacker would send a malicious link via SMS asking the target to install an application to restore their data connection, which is why most of the applications impersonate mobile carrier applications, according to Google.

When not pretending to come from a mobile internet service provider (ISP), the applications disguised themselves as messaging applications to trick people into clicking malicious links.

“Google has been monitoring the activities of commercial spyware vendors for years, and in that time we’ve seen the industry quickly expand from a few vendors to an entire ecosystem,” the TAG team told WIRED.

“These vendors enable the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities internally. But there’s little or no transparency in this industry, so it’s critical to share information about these vendors and their capabilities.”

Google said it had taken steps to strengthen its software defenses and had warned all Android victims. Apple, for its part, has revoked all known accounts and certificates associated with the spyware campaign.

TAG says it currently tracks more than 30 spyware makers, which have grown into a full-fledged ecosystem offering varying levels of sophistication and public exposure and selling exploits or surveillance capabilities to government-backed actors.

RCS Lab claims on its website that European law enforcement agencies are among its clients. It describes itself as a maker of complete “legal interception” services with over 10,000 intercepted targets handled daily in Europe alone.

The Italian company told Reuters that its products and services comply with European Union rules and will help law enforcement agencies investigate cybercrime.

“Any sale or implementation of products will only be carried out after receiving an official authorization from the competent authorities. Our products are delivered and installed in the premises of approved customers. RCS Lab personnel will not be exposed to or participate in activities performed by the relevant customers,” it added.
