Google has claimed that Apple and Android phones are targeted by another Pegasus

Apple, Android phones targeted by Italian spyware, says Google

On Thursday, Google said data-stealing tools from an Italy-based company were used to spy on Apple and Android smartphones in Italy and Kazakhstan, highlighting a "thriving" espionage software industry.

Google's threat analysis team says spyware created by RCS Lab targets phones using a combination of tactics, including unusual "drive-by downloads" that occur without the victim knowing. 

Spyware concerns were fueled by media reports last year that Israeli company NSO's Pegasus tools were being used by governments to spy on opponents, activists, and politicians' newspapers. 

 “They claim to only sell to customers who legitimately use surveillance software, such as intelligence and law enforcement,” said mobile cybersecurity expert Lookout of companies like NSO and RCS. 

“In fact, these tools are often abused under the guise of national security to spy on corporate executives, human rights activists, journalists, academics, and government officials,” Lookout added.

NSO Group's Spyware Tool

Google's report indicates that the RCS spyware it detected was named "Hermit", as Lookout previously reported. Researchers at Lookout said in April they discovered that Hermit was being used by the Kazakh government inside its borders to spy on smartphones, just months after anti-government protests were suppressed there.

"Like many spyware vendors, not much is known about RCS Lab and its clientele," Lookout said.

"But according to the information we have, it has a significant international presence."

 Growing Spyware Industry 

Evidence suggests Hermit has been used in a primarily Kurdish region of Syria, the mobile security firm said. Analysis of Hermit has shown that it can be used to control smartphones, record audio, divert calls and collect data such as contacts, messages, photos, and location, Lookout researchers said.

Google and Lookout note that the spyware spreads by tricking people into clicking links in messages sent to targets.

 "In some cases, we believe the actors worked with the target's ISP (internet service provider) to disable the target's mobile data connection," Google said. 

 "Once disabled, an attacker sends a malicious link via SMS asking the target to install an app to restore their data connection." 

 When not impersonating a mobile internet service provider, cyberspies sent links claiming to be from phone or messaging app makers to trick people into clicking, researchers say. 

 “Hermit deceives users by providing legitimate websites of brands it impersonates to perform malicious activities in the background,” Lookout researchers said. 

Google says it has warned Android users targeted by the spyware and tightened software defenses. Apple told AFP it had taken steps to protect iPhone users.

According to the Alphabet-owned tech giant, Google's security team keeps tabs on more than 30 companies that provide governments with surveillance tools.

"The commercial spyware industry is thriving and growing at a remarkable rate," Google said.