Security News > 2022 > June > Google: How we tackled this iPhone, Android spyware

We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base.

This app in fact infected the device with RCS's spyware.

Getting the app to download and run on iOS needed some extra steps due to the security measures in the operating system: for one thing, the app wasn't coming from the official App Store and thus would normally be rejected.

The snoops instead followed Apple's notes on how to distribute proprietary in-house apps to iThings, according to the Google bug hunters.

The iPhone app itself contains multiple parts, including a privilege-escalation exploit to escape from the sandbox in which it is run, along with an agent that can steal files from iOS devices.

Google notified all of the known Android victims, made changes in Google Play Protect to block the RCS code from running, and disabled the Firebase project used for command-and-control communications, we're told.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/24/spyware_iphones_android_isp/