Security News > 2022 > June > Spyware vendor works with ISPs to infect iOS and Android users
Google's Threat Analysis Group revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools.
RCS Labs is just one of more than 30 spyware vendors whose activity is currently tracked by Google, according to Google TAG analysts Benoit Sevens and Clement Lecigne.
The attackers sideloaded the iOS versions and asked the target to enable the installation of apps from unknown sources.
The iOS app spotted in these attacks came with several built-in exploits allowing it to escalate privileges on the compromised device and steal files.
Google has warned Android victims that their devices were hacked and infected with spyware, dubbed Hermit by security researchers at Lookout in a detailed analysis of this implant published last week.
In May, Google TAG exposed another campaign in which state-backed threat actors used five zero-day security flaws to install Predator spyware developed by commercial surveillance developer Cytrox.
- Spyware vendor targets iOS and Android in Italy and Kazakhstan, collaborates with ISP (source)
- Google Warns Spyware Being Deployed Against Android, iOS Users (source)
- Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits (source)
- Google: Predator spyware infected Android devices using zero-days (source)
- Predator spyware sold with Chrome, Android zero-day exploits to monitor targets (source)
- FluBot takedown: Law enforcement takes control of Android spyware’s infrastructure (source)
- FluBot Android Spyware Taken Down in Global Law Enforcement Operation (source)
- Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users (source)
- Researchers Uncover 'Hermit' Android Spyware Used in Kazakhstan, Syria, and Italy (source)
- Google: How we tackled this iPhone, Android spyware (source)