iTnews

Threat actors worked with ISPs to plant malware from Italian spyware vendor

By Juha Saarinen on Jun 24, 2022 7:00AM

EU Parliament hears how RCS Labs' tactics are used to target victims.

Google's Threat Analysis Group (TAG) has told the European Union Parliament that commercial surveillance vendors are now using capabilities and exploits only available to governments in the past to target victims, including working with internet service providers to plant malware on users' devices.

TAG is tracking over 30 spyware vendors selling exploits and surveillance capabilities to government-sponsored actors, and Google is seeking to disrupt that industry, which it says undermines trust and makes the Internet less safe.

Google is warning that the commercial spyware industry is thriving and growing, and while use of the capabilities might be legal under national and international law, they are often used by governments to target dissidents, journalists and human rights activists, and for purposes antithetical to democratic values.

Among the spyware vendors tracked by TAG and Google's Project Zero security researchers is Italy's RCS Labs.

RCS Labs' capabilities were used last year to target victims in Italy and Kazakhstan with unique links sent to victims' Android and Apple iOS devices.

TAG believes that in some cases, the threat actors would work with the ISP used by the victims to switch off data connectivity.

"Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications," researchers Benoit Sevens and Clement Lecigne of TAG wrote.

If ISP cooperation was not possible, the threat actors would use fake messaging applications.

On Android, the malware was disguised as a legitimate Samsung app, using the Korean company's logo on the icon.

One app analysed by TAG contained no fewer than six different exploits to obtain privilege escalation and data exfiltration.

Spyware vendors stockpiling zero-days and exploits are a risk by themselves, as they become targets of other malicious actors and are often compromised in attacks.

Google said the commercial surveillance industry's practices are harmful and need a robust and comprehensive response.

This includes cooperation among threat intelligence teams, network defenders, academic researchers, governments, and multiple technology platforms.

Copyright © iTnews.com.au . All rights reserved.