Italian spyware firm’s hacking tools target Apple, Android phones

An Italy-based firm’s hacking tools were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google said Thursday, casting a light on a ‘flourishing’ spyware industry.

Google’s threat analysis team said spyware made by RCS Lab targeted the phones using a combination of tactics including unusual ‘drive-by downloads’ that happen without victims being aware.

Concerns over spyware were fueled by media outlets reporting last year that Israeli firm NSO’s Pegasus tools were used by governments to surveil opponents, activists and journalists.

‘They claim to only sell to customers with legitimate use for surveillance ware, such as intelligence and law enforcement agencies,’ mobile cybersecurity specialist Lookout said of companies like NSO and RCS.

‘In reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials,’ Lookout added.

Google’s report said the RCS spyware it uncovered, dubbed ‘Hermit’, is the same one that Lookout reported on previously.

Lookout researchers said that in April they found Hermit being used by the government of Kazakhstan inside its borders to spy on smartphones, just months after anti-government protests in that country were suppressed.

‘Like many spyware vendors, not much is known about RCS Lab and its clientele,’ Lookout said. ‘But based on the information we do have, it has a considerable international presence.’

Evidence suggests Hermit was used in a predominantly Kurdish region of Syria, the mobile security company said.

Analysis of Hermit showed that it can be employed to gain control of smartphones, recording audio, redirecting calls, and collecting data such as contacts, messages, photos and location, Lookout researchers said.

Google and Lookout noted the spyware spreads by getting people to click on links in messages sent to targets.

‘In some cases, we believe the actors worked with the target’s ISP (internet service provider) to disable the…