As part of Google’s efforts to track the activities of commercial spyware vendors, the company’s Threat Analysis Group (TAG) released a report Thursday on spyware campaigns targeting Android and iOS users.
Google TAG researchers Benoit Sevens and Clement Lecigne detail the use of spyware named “Hermit.” This sophisticated spyware tool allows attackers to steal data and private messages and to make phone calls. In their report, TAG researchers attribute Hermit to RCS Labs, a commercial spyware vendor based in Italy.
Hermit poses many significant dangers. Because it is modular, Hermit is highly customizable, allowing the spyware’s features to be tailored to the user’s needs. Once it is fully installed on a target’s phone, attackers can collect sensitive information such as call logs, contacts, photos, precise location, and SMS messages.
Sevens and Lecigne’s full report details how attackers can gain access to Android and iOS devices through clever tricks and drive-by attacks. Potential targets have their data disabled through their ISP and are then texted a malicious link to trick them into “fixing” the issue. If that doesn’t work, targets are tricked into downloading malicious apps disguised as messaging applications.
Just last week, cybersecurity company Lookout reported on the use of Hermit by agents working in the governments of Kazakhstan, Syria and Italy. Google has already identified victims in these countries, stating that “TAG is actively pursuing more than 30 vendors with varying levels of experience and notoriety who are selling exploits or monitoring capabilities to government-backed actors.”
The Milan-based RCS Labs claims to have “provided law enforcement agencies worldwide with state-of-the-art technological solutions and technical support in the field of lawful interception for more than twenty years.” More than 10,000 intercepted targets are said to be processed daily in Europe alone.
When reached for comment by The Hacker News, RCS Labs said that its “core business is the design, production and implementation of lawful interception, forensic intelligence and data analysis software platforms” and that it “helps law enforcement agencies prevent and investigate serious crimes such as terrorist attacks and drug trafficking, organized crime, child abuse and corruption.”
Still, the news of the use of spyware by state government agents is worrying. It not only undermines trust in the security of the Internet, but also endangers the lives of everyone a government considers an enemy of the state, such as dissidents, journalists, human rights activists and politicians from opposition parties.
“Tackling the malicious practices of the commercial surveillance industry requires a robust, comprehensive approach that includes collaboration between threat intelligence teams, network defenders, academic researchers, governments and technology platforms,” Google TAG researchers wrote. “We look forward to continuing our work in this area and improving the security of our users around the world.”