Security News > 2022 > June > Google: How we tackled this iPhone, Android spyware
We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base.
This app in fact infected the device with RCS's spyware.
Getting the app to download and run on iOS needed some extra steps due to the security measures in the operating system: for one thing, the app wasn't coming from the official App Store and thus would normally be rejected.
The snoops instead followed Apple's notes on how to distribute proprietary in-house apps to iThings, according to the Google bug hunters.
The iPhone app itself contains multiple parts, including a privilege-escalation exploit to escape from the sandbox in which it is run, along with an agent that can steal files from iOS devices.
Google notified all of the known Android victims, made changes in Google Play Protect to block the RCS code from running, and disabled the Firebase project used for command-and-control communications, we're told.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/24/spyware_iphones_android_isp/
Related news
- New EagleMsgSpy Android spyware used by Chinese police, researchers say (source)
- Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (source)
- Russian cyberspies target Android users with new spyware (source)
- Russian cyberspies target Android users with new spyware (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)
- Windows 11's Start menu is getting iPhone and Android integration (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)