Google: ‘Android devices and iPhones hacked by Italian spyware’ – ICT News

After NSO Group, it seems that a new European player is active in the sale of spyware. Google reveals that the company’s tools have tapped phones in Italy and Kazakhstan.

In a report, Google indicates that the spyware comes from the Italian company RCS Labs. The latter, for its part, states that it has European police services (‘lawforce’) as clients and provides them with tools that allow them to spy on private messages and contacts of the victims.

Google, the company behind the Android operating system, now warns that it has discovered targeted attacks with this spyware on devices in Kazakhstan and Italy, both against Android and iOS (iPhone). Apple told the Reuters news agency in this regard that it has suspended accounts and certificates involved in the phishing campaign. Google claims to have taken action and informed the victims.

Fake Operator App

RCS Labs allegedly combines various tactics to infect victims, including ‘drive-by downloads’. This technique consists of convincing a victim to click on a link, which triggers an infection in the background. In the case of even more sophisticated and yet to be discovered malware, the user will not even have to install or approve anything. Clicking on the link, after which the malware will be delivered, will very often be enough for the attack to be successful.

Here, things happen a little differently. In order to convince users, Google believes that the enforcers (police departments) work with the mobile operator to disable the victim’s mobile data. An SMS is then sent inviting the victim to click on a link to install an application to restore the data connection. Google therefore believes that some of the attacks are disguised as a (fake) telecom provider app.

RCS Labs itself assures Reuters that it respects European legislation, while adding that its staff does not participate in the activities of its clients and that it condemns any abuse of the tools.

Google, for its part, criticizes this type of practice. In its report, the firm claims that these actors are spreading dangerous hacking tools and arming the authorities. A more technical analysis of the results can be found on Google’s Project Zero blog.

A new NSO case?

All this is reminiscent of the Pegasus spyware from the Israeli company NSO Group. Pegasus allows authorities to hack and wiretap individual users. Theoretically, the spyware is only sold to democratic regimes with a view to fighting terrorism or serious crime, but an international investigation showed last year that NSO had also sold its software to countries that have far less respect for democracy or human rights. This is how activists, political dissidents and journalists have been intercepted. Just this week, we learned that at least five European countries have used Pegasus.
