Friday 24 June 2022 12:51 PM Google warns of new SPYWARE used to hack smartphones trends now
Google has warned of spyware being used by foreign governments to hack into Apple and Android phones and snoop on users' activities.
The offending 'spyware' – software that steals information from a device – was created by Milan-based company RCS Lab, Google and security firm Lookout have revealed.
RCS Lab spyware has allegedly been used by the Italian and Kazakhstani governments to spy on private messages and contacts stored on their citizens' smartphones.
However, the spyware is potentially capable of spying on a victim's browser, camera, address book, clipboard and chat apps too.
RCS Lab is an example of a 'lawful intercept' company that claims to only sell to customers with legitimate use for surveillance, such as intelligence and law enforcement agencies.
But in reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials, security experts say.
Spyware is a specific type of malware that steals information from a computer and sends it to a third party, without the person's knowledge (file photo)
It's thought RCS Lab's spyware, nicknamed 'Hermit', is distributed via SMS messages that appear to come from legitimate sources.
It tricks users by serving up what looks like legitimate webpages of high-profile brands as it kickstarts malicious activities in the background.
In some cases, citizens were sent SMS messages asking them to install an application to fix their slow mobile connectivity – when in fact, doing so installed the spyware.
In these cases, attackers managed to get the victim's internet service provider (ISP) to slow down their connectivity, Google said, to make it seem like a legitimate message.
In other cases, citizens were sent links to a webpage that was masquerading as a high profile tech company, such as Facebook.
As an example, Google posted a screenshot from one of the attacker controlled sites, www.fb-techsupport.com, intended to impersonate Facebook's support team (the webpage no longer exists).
In Italian, it told victims that their accounts had been suspended and they they needed to download an application to restore the account.
Google said it had taken steps to protect users of its Android operating system and alert them about the spyware.
Apple and the governments of Italy and Kazakhstan did not immediately respond to requests for comment.
Screenshot posted by Google, which translates from Italian as: 'Suspended account reset. Download and install, following the instructions on the screen, the application for verifying and restoring your suspended account. At the end of the procedure you will receive an unlock confirmation SMS'
Google said the commercial spyware industry is 'thriving' and 'growing at a significant rate' – a trend that 'should be concerning to all internet users'.
'These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,' Benoit Sevens and Clement Lecigne from Google's Threat Analysis Group said in a blog post.
'While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments for purposes antithetical to democratic values – targeting dissidents, journalists,