As part of Google’s effort to monitor the activities of commercial spyware vendors, the company’s Threat Analysis Group (TAG) released a report Thursday on spyware campaigns targeting Android and iOS users.
Google TAG researchers Benoit Sevens and Clement Lecigne go into detail about the use of enterprise-grade spyware called “Hermit”. This advanced spyware tool allows attackers to steal data and private messages and to make phone calls. In their report, TAG researchers attributed Hermit to RCS Labs, a commercial spyware vendor in Italy.
Hermit poses many significant dangers. Because it is modular, Hermit is highly customizable, so its features can be tailored to whatever its user wants. Once fully installed on a target’s phone, it lets attackers collect sensitive information such as call logs, contacts, photos, precise location, and text messages.
The full report from Sevens and Lecigne details the ways in which attackers can gain access to both Android and iOS devices through clever tricks and drive-by attacks. Potential targets have their data connection disabled through their ISP, after which the attackers send a malicious link via SMS to trick them into “fixing” the problem. If that doesn’t work, targets are tricked into downloading malicious apps pretending to be messaging applications.
Spyware designed to track down terrorists was also used against journalists and activists
Last week, cybersecurity firm Lookout reported the use of Hermit by agents working in the governments of Kazakhstan, Syria and Italy. Google has already identified victims in these countries, stating that “TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure who sell exploits or surveillance capabilities to government-backed actors.”
RCS Labs, which is based in Milan, has claimed for more than twenty years to “provide law enforcement agencies around the world with advanced technological solutions and technical support in the field of lawful interception”. More than 10,000 intercepted targets are said to be handled daily in Europe alone.
When asked for comment by The Hacker News, RCS Labs said its “core business is the design, manufacture and implementation of software platforms for lawful interception, forensic intelligence and data analysis” and that it “helps law enforcement prevent and investigate serious crimes such as terrorism, drug trafficking, organized crime, child abuse and corruption.”
Still, the news that the spyware is being used by government agents is alarming. Not only does it erode confidence in internet security, but it also endangers the lives of anyone a government considers an enemy of the state, such as dissidents, journalists, human rights activists and opposition party politicians.
“Addressing the malicious practices of the commercial surveillance industry requires a robust, comprehensive approach that includes collaboration between threat intelligence teams, network defenders, academic researchers, governments and technology platforms,” Google TAG researchers wrote. “We look forward to continuing our work in this space and improving the safety and security of our users around the world.”