Security News > 2022 > June > Google: How we tackled this iPhone, Android spyware
We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base.
This app in fact infected the device with RCS's spyware.
Getting the app to download and run on iOS needed some extra steps due to the security measures in the operating system: for one thing, the app wasn't coming from the official App Store and thus would normally be rejected.
The snoops instead followed Apple's notes on how to distribute proprietary in-house apps to iThings, according to the Google bug hunters.
The iPhone app itself contains multiple parts, including a privilege-escalation exploit to escape from the sandbox in which it is run, along with an agent that can steal files from iOS devices.
Google notified all of the known Android victims, made changes in Google Play Protect to block the RCS code from running, and disabled the Firebase project used for command-and-control communications, we're told.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/24/spyware_iphones_android_isp/
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New Android spyware found on phone seized by Russian FSB (source)