Security News > 2022 > June > Spyware vendor targets iOS and Android in Italy and Kazakhstan, collaborates with ISP
The iOS application does not trigger any alert since it is signed with a certificate from a company named 3-1 Mobile SRL, enrolled in the Apple Developer Enterprise Program.
The Android malicious software requires the targeted user to allow the installation of applications from unknown sources.
While the application does not contain any exploit triggers, it has the ability to download and run exploits.
Google's TAG team reports that they "Believe the actors worked with the target's ISP to disable the target's mobile data connectivity. Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masquerade as mobile carrier applications."
Users should never run any software from an insecure source out of any legitimate application store.
Users should always carefully check the permissions requested by the application when run for the first time.
News URL
https://www.techrepublic.com/article/spyware-targets-italy-kazakhstan/
Related news
- Why Italy Sells So Much Spyware (source)
- New Android spyware found on phone seized by Russian FSB (source)
- New EagleMsgSpy Android spyware used by Chinese police, researchers say (source)
- Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (source)
- Russian cyberspies target Android users with new spyware (source)
- Russian cyberspies target Android users with new spyware (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)