Alphabet Inc’s Google issued a report yesterday (23 June) that stated Italy-based RCS Lab’s hacking tools were used to spy on Android and iOS smartphones in Italy and Kazakhstan which reflected a growing concern about commercial spyware falling into the wrong hands.
A blog post by Google’s threat analysis group (TAG) stated RCS Labs typically used “a combination of tactics, including atypical drive-by downloads as initial infection vectors, to target mobile users on both iOS and Android”.
RCS Lab said in a statement to Reuters that it didn’t “participate in any activities conducted by the relevant customers,” while also condemning the abuse of its products.
Google found the hacks originated with a unique link sent to the target. Once the link was clicked, the page attempted to get the user to download and install a malicious application on either an Android or iOS phone.
“In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity,” the blog stated.
After the device was disabled, the attacker would send a link via SMS asking the target to install an application to restore their data connectivity.
Most of the applications masqueraded as mobile carrier applications. When ISPs weren’t involved, the applications masqueraded as messaging applications.
Milan-based RCS Labs, which was founded in 1993, states on its website that its tools are used by law enforcement agencies for “lawful interception” of private messages and contacts on targeted devices.
While RCS Lab claimed to not have anything to do with the hacks in Italy and Kazakhstan, Google TAG’s blog stated the commercial spyware industry was posing a threat by “enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house”.
Google notified the Android users of infected devices and made changes in Google Play Protect to safeguard users.
Comments