Security News > 2022 > June > Google: How we tackled this iPhone, Android spyware
We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base.
This app in fact infected the device with RCS's spyware.
Getting the app to download and run on iOS needed some extra steps due to the security measures in the operating system: for one thing, the app wasn't coming from the official App Store and thus would normally be rejected.
The snoops instead followed Apple's notes on how to distribute proprietary in-house apps to iThings, according to the Google bug hunters.
The iPhone app itself contains multiple parts, including a privilege-escalation exploit to escape from the sandbox in which it is run, along with an agent that can steal files from iOS devices.
Google notified all of the known Android victims, made changes in Google Play Protect to block the RCS code from running, and disabled the Firebase project used for command-and-control communications, we're told.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/24/spyware_iphones_android_isp/
Related news
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google rolls out new Find My Device network to Android devices (source)
- 'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan (source)
- Apple: Mercenary spyware attacks target iPhone users in 92 countries (source)
- Apple Alerts iPhone Users in 92 Countries to Mercenary Spyware Attacks (source)
- Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users (source)