Security specialists from Google’s Threat Analysis Group (TAG) and Project Zero discovered a new spyware variant for iOS and Android. The spyware was developed by RCS Lab, an Italian company.
According to the security specialists, the spyware has surfaced on the smartphones of victims in Italy and Kazakhstan. The spyware is installed on victims’ iOS and Android devices via atypical drive-by downloads.
The spyware is known to researchers by different names. For instance, earlier this week, Lookout detailed and called the spyware ‘Hermit’ in an early report. Victims are sent a unique link to their mobile device. Upon clicking, the opened webpage attempts to download and install a malicious application.
In some cases, the spreaders of the spyware are said to be working together with mobile operators. Some victims had their mobile connection temporarily disabled. The same victims received an SMS request to download an application to restore their mobile connection. In other cases, the spyware is disguised as a mobile operator application.
The spyware from Italy’s RCS Lab is reminiscent of Pegasus, a product developed by Israeli company NSO Group. Pegasus has been found in several countries. The spyware operates undetected and taps all traffic from infected smartphones. Though RCS Lab’s spyware is supposedly less invasive than Pegasus, both programs monitor message traffic, contact lists and passwords.
Apple and Google measures
Apple and Android have taken measures to prevent the software from operating. Apple withdrew all known developer accounts and certificates associated with the campaign. Google informed Android users about the software.