As part of Google’s efforts to track the activities of commercial spyware vendors, the company’s Threat Analysis Group (TAG) released a report Thursday on spyware campaigns targeting Android and iOS users.
Google TAG researchers Benoit Sevens and Clement Lecigne go into detail about the use of entrepreneurial grade spyware dubbed “Hermit.” This sophisticated spyware tool allows attackers to steal data, private messages and make phone calls. In their report, TAG researchers attributed Hermit to RCS Labs, a commercial spyware vendor based in Italy.
Hermit poses have many significant dangers. Due to its modularity, Hermit is quite customizable, allowing the functions of the spyware to be altered to the will of its user. Once fully situated on a target’s phone, attackers can harvest sensitive information such as call logs, contacts, photos, precise location, and SMS messages.
Sevens and Lecigne’s full report details the ways in which attackers can access both Android and iOS devices through the use of clever tricks and drive-by attacks. Potential targets of this scam will have their data disabled through their ISP carrier before sending a malicious link via text to get them to ‘fix’ the issue. If that doesn’t work, targets will be tricked into downloading malicious apps masqueraded as messaging applications.
Spyware meant to track terrorists was used against journalists and activists, too
Just last week, cybersecurity firm Lookout reported the use of Hermit by agents working in the governments of Kazakhstan, Syria, and Italy. Google has already identified victims in these countries, stating that “TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.”
The Milan-based company claims to provide “law enforcement agencies worldwide with cutting-edge technological solutions and technical support in the field of lawful interception for more than twenty years.” More than 10,000 intercepted targets are purported to be handled daily in Europe alone.
When reached out for comment by The Hacker News, RCS Labs said its “core business is the design, production, and implementation of software platforms dedicated to lawful interception, forensic intelligence, and data analysis” and that it “helps law enforcement prevent and investigate serious crimes such as acts of terrorism, drug trafficking, organized crime, child abuse, and corruption.”
Still, the news of the spyware being used by state government agents is concerning. Not only does it erode trust in the safety of the internet but it also puts at risk the lives of anyone a government considers an enemy of the state such as dissidents, journalists, human rights workers, and opposition party politicians.
“Tackling the harmful practices of the commercial surveillance industry will require a robust, comprehensive approach that includes cooperation among threat intelligence teams, network defenders, academic researchers, governments, and technology platforms,” Google TAG researchers wrote. “We look forward to continuing our work in this space and advancing the safety and security of our users around the world.”