Italian spyware used to target Apple and Android phones, says Google
News comes as NSO says Pegasus spyware used by at least five EU countries
Spyware and hacking tools developed by Milan-based RCS Lab were used to hack Apple and Android phones in Italy and Kazakhstan, according a report by Google.
The Italian firm reportedly created surveillance tools to spy on private communications and contacts of the targeted devices.
On its website, RCS Lab describes itself as a provider of "lawful interception" technologies and services, including tracking, data collecting, and voice systems.
The firm claims that its products and services are compliant with European regulations and support criminal investigations by law enforcement.
It manages 10,000 intercepted targets per day in Europe alone, according to its website.
The firm said that its employees were not exposed and that they do not take part in any activities that are carried out by the relevant clients. It also denounced any misuse of its products.
The Google Threat Analysis Group (TAG) researchers said RCS Lab targets mobile users on both iOS and Android using a variety of strategies, including atypical drive-by downloads as initial infection vectors.
The researchers found that each campaign began with a unique link that was sent to its intended recipient. After the user clicked on the links, the page attempted to trick them into downloading and installing a malicious programme on their mobile device.
Google thinks that in certain instances, the attackers coordinated with the target's ISP to turn off mobile data access. After the target's data connection was disconnected, the attacker would give them a malicious link through SMS asking them to install a programme to restore it.
"We believe this is the reason why most of the applications masqueraded as mobile carrier applications. When ISP involvement is not possible, applications are masqueraded as messaging applications," Google said.
Previously, the RCS Lab had worked with the infamous Italian espionage outfit Hacking Team, which is no longer in business.
Hacking Team had also developed surveillance software for foreign governments to use in order to hack into phones and computers.
According to Reuters, Hacking Team went bust after it was the target of a significant hack in 2015 that exposed a large number of internal data.
According to Bill Marczak, a security researcher with the digital watchdog Citizen Lab, the spyware developed by RCS Lab may not be as stealthy as the Pegasus spyware developed by the Israeli spying company NSO Group, but it is still capable of reading messages and seeing passwords.
In addition to warning users about the spyware, Google said it had taken steps to secure the Android OS.
An Apple spokesperson told Reuters that the firm had terminated all the identified accounts and certificates associated with the hacking operation.
In recent years, there has been a rise in the worldwide spyware industry catering to governmental needs.
"These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house," Google says.
According to the tech giant, TAG is actively monitoring around 30 vendors with varied degrees of sophistication and public exposure that offer exploits or surveillance tools to actors with support from the government.
"Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits. This makes the Internet less safe and threatens the trust on which users depend," it added.
Pegasus used in five European countries
In related news, it is reported that NSO Pegasus spyware has been used by European governments to snoop on the citizens. The revelation comes after an EU investigation published an interim report on the use of NSO Pegasus spyware by European countries.
Politico reports that during questioning by lawmakers on Tuesday, NSO Group's general counsel, Chaim Gelfand, said at least five EU countries had used Pegasus, and that he would return to MEPs with a "more concrete number".