Friday 24 June 2022 12:51 PM Google warns of new SPYWARE used to hack smartphones trends now

Google has warned of spyware being used by foreign governments to hack into Apple and Android phones and snoop on users' activities.

The offending 'spyware' – software that steals information from a device – was created by Milan-based company RCS Lab, Google and security firm Lookout have revealed.

RCS Lab spyware has allegedly been used by the Italian and Kazakhstani governments to spy on private messages and contacts stored on their citizens' smartphones.

However, the spyware is potentially capable of spying on a victim's browser, camera, address book, clipboard and chat apps too.

RCS Lab is an example of a 'lawful intercept' company that claims to only sell to customers with legitimate use for surveillance, such as intelligence and law enforcement agencies.

But in reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials, security experts say.

Spyware is a specific type of malware that steals information from a computer and sends it to a third party, without the person's knowledge (file photo)

It's thought RCS Lab's spyware, nicknamed 'Hermit', is distributed via SMS messages that appear to come from legitimate sources.

SPYWARE AND MALWARE

Spyware is a specific type of malware that steals information from a computer and sends it to a third party, without the person's knowledge.

Spyware gathers your personal information and relays it to advertisers, data firms, or external users.

Meanwhile, malware is a catch-all term for any type of malicious software, regardless of how it works, its intent, or how it’s distributed.

The term includes adware, spyware, viruses, trojans and more.

Source: Norton Security

It tricks users by serving up what looks like legitimate webpages of high-profile brands as it kickstarts malicious activities in the background.

In some cases, citizens were sent SMS messages asking them to install an application to fix their slow mobile connectivity – when in fact, doing so installed the spyware.

In these cases, attackers managed to get the victim's internet service provider (ISP) to slow down their connectivity, Google said, to make it seem like a legitimate message.

In other cases, citizens were sent links to a webpage that was masquerading as a high profile tech company, such as Facebook.

As an example, Google posted a screenshot from one of the attacker controlled sites, www.fb-techsupport.com, intended to impersonate Facebook's support team (the webpage no longer exists).

In Italian, it told victims that their accounts had been suspended and they they needed to download an application to restore the account.

Google said it had taken steps to protect users of its Android operating system and alert them about the spyware.

Apple and the governments of Italy and Kazakhstan did not immediately respond to requests for comment.

Screenshot posted by Google, which translates from Italian as: 'Suspended account reset. Download and install, following the instructions on the screen, the application for verifying and restoring your suspended account. At the end of the procedure you will receive an unlock confirmation SMS'

Google said the commercial spyware industry is 'thriving' and 'growing at a significant rate' – a trend that 'should be concerning to all internet users'.

HOW IS THE SPYWARE INSTALLED?

In some cases, Google said it believed hackers using RCS spyware worked with the target's internet service provider (ISP).

This method originated with a unique link sent to the target.

Once clicked, the page attempted to get the user to download and install a malicious application on either Android or iOS.

In some cases, actors likely worked with the target’s ISP to disable the target’s mobile data connectivity.

Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity.

This is the reason why most of the applications masqueraded as mobile carrier applications.

When ISP involvement was not possible, applications are masqueraded as messaging applications.

'These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,' Benoit Sevens and Clement Lecigne from Google's Threat Analysis Group said in a blog post.

'While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments for purposes antithetical to democratic values – targeting dissidents, journalists,