Google is cracking down on spyware campaigns targeting Android and iOS users.
The company’s Threat Analysis Group (TAG) released a report Thursday that warns about sophisticated spyware dubbed “Hermit.” Per Mashable, this “tool allows attackers to steal data, private messages and make phone calls.”
In their report, TAG researchers Benoit Sevens and Clement Lecigne “attributed Hermit to RCS Labs, a commercial spyware vendor based in Italy,” per the report.
The Indian Express writes, “According to Google’s TAG team, all campaigns started with a unique link sent to the victim’s phone. When the user clicked, the page installed the application on both Android and iOS.”
Per The Verge, “The spyware can infect both Android and iPhones by disguising itself as a legitimate source, typically taking on the form of a mobile carrier or messaging app.”
“Tackling the harmful practices of the commercial surveillance industry will require a robust, comprehensive approach that includes cooperation among threat intelligence teams, network defenders, academic researchers, governments, and technology platforms,” Google TAG researchers wrote. “We look forward to continuing our work in this space and advancing the safety and security of our users around the world.”
Here’s more from the report:
Hermit is a modular threat that can download additional capabilities from a command and control (C2) server. This allows the spyware to access the call records, location, photos, and text messages on a victim’s device. Hermit’s also able to record audio, make and intercept phone calls, as well as root to an Android device, which gives it full control over its core operating system.
“Potential targets of this scam will have their data disabled through their ISP carrier before sending a malicious link via text to get them to ‘fix’ the issue. If that doesn’t work, targets will be tricked into downloading malicious apps masqueraded as messaging applications,” per Mashable.
“TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors,” Google said in a statement.
RCS is reportedly a Milan-based company that claims to provide “law enforcement agencies worldwide with cutting-edge technological solutions and technical support in the field of lawful interception for more than twenty years.”
RCS Labs told The Hacker News that its “core business is the design, production, and implementation of software platforms dedicated to lawful interception, forensic intelligence, and data analysis” and that it “helps law enforcement prevent and investigate serious crimes such as acts of terrorism, drug trafficking, organized crime, child abuse, and corruption.”