Google says threat actors and ISPs teamed up to spread spyware


A study published by Google’s Threat Analysis Group (TAG) claims that internet service providers (ISPs) participated in a spyware campaign, including disabling victims’ mobile data.

The tech giant’s findings appear to back up similar claims made by Lookout’s security research team, which linked the spyware to RCS Laboratories, a company that provides “technical support” to law enforcement.

Although spyware is a powerful class of malware, an anti-virus software program designed for mobile would be your best line of defense – companies like Avast provide mobile security software, including free software with anti-spyware features.

What did Google and Lookout find?

Google’s Threat Analysis Group, which “has been tracking the activities of commercial spyware vendors for years,” says RCS Labs uses “pop-up downloads” as infection vectors to target iOS and Android users with a class of modular surveillance software called Hermit.

All of the devices currently identified as infected with the spyware, according to Google, are based in Kazakhstan and Italy – the latter also being the location of RCS Labs.

The campaigns began with one-time links sent to targets, and once clicked, the page attempted to trick the user into downloading a malicious application.

Google believes the attackers actively worked with the victims’ internet service providers to cut off their internet connectivity, in an effort to trick them into clicking on a malicious link to restore connectivity to normal.

This supports Lookout’s earlier, similar claims about Hermit. Its security researchers have been monitoring the spyware in Kazakhstan since April, “four months after the violent crackdown on nationwide protests against government policies”, and also noted that they observed its use in Italy as early as 2019 during an anti-corruption operation.

According to Lookout, the Hermit spyware can record audio and redirect phone calls from infected devices. It will also collect data including call logs, contacts, photos, text messages and location information.

RCS Labs: who are they and what do they do?

Lookout claims that RCS Labs is a similar entity to the NSO Group – the organization behind the Pegasus Spyware that made headlines last year – and effectively creates spyware for government agencies.

Lookout says these companies collectively pose as “lawful interception” companies, but their products, services and tools are then insidiously deployed in the name of national security.

In a statement given to TechCrunch, RCS Labs said its products operate “in compliance with national and European rules and regulations.”

“Any sale or implementation of products is only carried out after having received an official authorization from the competent authorities. Our products are delivered and installed in the premises of approved customers. RCS Lab personnel are not exposed to or involved in any activities conducted by affected customers,” the company added.

Can you protect yourself against spyware?

Stories like this make you think, “Is there anything I can do – or software I can download – that will help protect me?” With spyware, it’s pretty hard to tell, especially when used by powerful government agencies or sophisticated threat groups.

It is not clear if a VPN would have helped users in this situation. VPNs make it virtually impossible for your internet service provider to attribute the traffic you generate to you, and are a great tool for fighting government censorship and maintaining your privacy – but you need something else to protect yourself against things like Hermit.

Your best bet against spyware is undoubtedly mobile antivirus software. Avast, for example, has a free spyware removal and cleaning tool available for Android and iOS (as well as Mac), as well as a premium security offering with a host of features.

Considering the sophistication and ubiquity of spyware like Hermit, it’s definitely worth downloading.

