As part of Google’s hunt for commercial spyware vendors, the company’s Threat Analysis Group (TAG) on Thursday released a report on spyware activity targeting Android and iOS users.
Google TAG researchers Benoit Sevens and Clement Lecigne detail the use of enterprise-grade spyware known as “Hermit.” This sophisticated spyware tool allows attackers to steal data and private messages and to make phone calls. In their report, the TAG researchers attributed Hermit to RCS Labs, an Italy-based commercial spyware vendor.
Hermit poses several serious dangers. Because it is modular, Hermit is highly customizable, so its functionality can be changed to suit whoever operates it. Once fully installed on a target’s phone, it gives attackers access to sensitive information such as call logs, contacts, photos, precise locations, and SMS messages.
The full report by Sevens and Lecigne details how attackers gain access to Android and iOS devices by using clever tricks and drive-by attacks. The attackers have a potential target’s mobile data disabled through the target’s ISP and then text the target a malicious link that claims to “fix” the problem. If this doesn’t work, the target is tricked into downloading a malicious app masquerading as a messaging app.
Spyware designed to track terrorists has also been used against journalists and activists
Just last week, cybersecurity firm Lookout reported on the use of Hermit by operatives working for the governments of Kazakhstan, Syria and Italy. Google has identified victims in these countries, saying that “TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure that sell vulnerabilities or surveillance capabilities to government-backed actors.”
RCS Labs, which is based in Milan, claims to have provided “the world’s law enforcement agencies with cutting-edge technological solutions and technical support in the field of lawful interception” for more than two decades. More than 10,000 intercepted targets are said to be processed every day in Europe alone.
When contacted by Hacker News for comment, RCS Labs said its “core business is the design, production and implementation of software platforms dedicated to lawful interception, forensic intelligence and data analysis” and that it “helps law enforcement prevent and investigate” terrorism and serious crimes such as drug trafficking, organised crime, child abuse and corruption.
Still, news of state agents using spyware is worrying. Not only does it undermine trust in internet security, but it also endangers the life of anyone deemed an enemy of the state by the government, such as dissidents, journalists, human rights workers and opposition politicians.
“Addressing the harmful practices of the commercial surveillance industry will require a robust, comprehensive approach that includes collaboration between threat intelligence teams, cyber defenders, academic researchers, governments and technology platforms,” the Google TAG researchers wrote. “We look forward to continuing our work in this area and improving the safety and security of our users around the world.”