Security News

A week after it emerged that sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Necessary changes have been implemented in Google Play Protect - Android's built-in malware defense service - to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Analysis Group said in a Thursday report.

Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls. Researchers from Google Threat Analysis Group revealed details in a blog post Thursday by TAG researchers Benoit Sevens and Clement Lecigne about campaigns that send a unique link to targets to fake apps impersonating legitimate ones to try to get them to download and install the spyware.

We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. This app in fact infected the device with RCS's spyware.

NSO Group told European lawmakers this week that "Under 50" customers use its notorious Pegasus spyware, though these customers include "More than five" European Union member states. Generally speaking, a target selected by an NSO customer has their phone or other device infected with hidden spyware via the exploitation of one or more security vulnerabilities.

Google's Threat Analysis Group revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. RCS Labs is just one of more than 30 spyware vendors whose activity is currently tracked by Google, according to Google TAG analysts Benoit Sevens and Clement Lecigne.

An agent of the Kazakhstan government has been using enterprise-grade spyware against domestic targets, according to Lookout research published last week. The government entity used brand impersonation to trick victims into downloading the malware, dubbed "Hermit." Hermit is an advanced, modular program developed by RCS Lab, a notorious Italian company that specializes in digital surveillance.

An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.

An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot. "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement.

An international law enforcement operation involving 11 countries has disrupted the spreading of the FluBot Android malware, which spreads via SMS and MMS and steals sensitive information - passwords, online banking details, etc. The Dutch Police, who took control of the malware's infrastructure earlier in May, made the malware inactive.

An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information. From there, the malicious code will not only steal information, but can also remotely control aspects of the PC. The first of the three pieces of malware is AveMariaRAT, followed by Pandora hVCN RAT and BitRAT. AveMariaRAT has a range of features, from stealing sensitive data to achieving privilege escalation, remote desktop control, and camera capturing.