Security News > 2022 > June > Spyware vendor works with ISPs to infect iOS and Android users

Spyware vendor works with ISPs to infect iOS and Android users
2022-06-23 17:07

Google's Threat Analysis Group revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools.

RCS Labs is just one of more than 30 spyware vendors whose activity is currently tracked by Google, according to Google TAG analysts Benoit Sevens and Clement Lecigne.

The attackers sideloaded the iOS versions and asked the target to enable the installation of apps from unknown sources.

The iOS app spotted in these attacks came with several built-in exploits allowing it to escalate privileges on the compromised device and steal files.

Google has warned Android victims that their devices were hacked and infected with spyware, dubbed Hermit by security researchers at Lookout in a detailed analysis of this implant published last week.

In May, Google TAG exposed another campaign in which state-backed threat actors used five zero-day security flaws to install Predator spyware developed by commercial surveillance developer Cytrox.


News URL

https://www.bleepingcomputer.com/news/security/spyware-vendor-works-with-isps-to-infect-ios-and-android-users/