Whoops! Malignant Spyware Targets Android and iPhone Users


 Google has revealed that spyware made by an Italian company was used to spy on Android and iPhone users. Spyware called Hermit is used to snoop on private messages and contacts on infected phones.

Google says the spyware was developed by an Italian company called RCS Lab, whose services have been used by several law enforcement agencies in Europe. Spyware Hermit was found to have attacked mobile phone users in Italy and Kazakhstan.


"These vendors enable the enrichment of malicious hacking tools and arm governments that would not be able to develop these capabilities domestically," Google said in the report.



An Apple spokesman said it had revoked all accounts and certificates associated with this hacking campaign. Google has also warned Android users about this spyware threat.


The spyware industry has been in the spotlight since reports of the NSO Group's Pegasus spyware being used by several countries to spy on journalists, activists and dissidents.



Although RCS Lab's spyware isn't as vicious as Pegasus, it can still read messages and snoop on victims' passwords, according to Citizen Lab security researcher Bill Marczak.


"This shows that even though these devices are ubiquitous, there is still a long way to go to secure them from this powerful attack," said Marczak.


On its official website, RCS Lab says it is a manufacturer of compliant wiretapping technology, including for voice, data collection and tracking systems. RCS Lab claims to have 10,000 intercepted targets every day in Europe.


RCS Lab says their products and services comply with European regulations and help law enforcement investigate crimes. They also condemn those who abuse their products.



Google security researchers found that RCS Lab had previously collaborated with Italian spy company Hacking Team, which has now disbanded.


In some cases, Google said the hackers who used the Hermit spyware were collaborating with the internet service providers used by the targets, indicating they had links to government-backed hackers.

Previous Post Next Post

Contact Form