Spyware vendor works with ISPs to infect iOS and Android users

by ITECHNEWS
July 11, 2022
in Infosec, Leading Stories

Google’s Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools.

RCS Labs is just one of more than 30 spyware vendors whose activity is currently tracked by Google, according to Google TAG analysts Benoit Sevens and Clement Lecigne.

During attacks that used drive-by-downloads to infect multiple victims, the targets were prompted to install malicious apps (camouflaged as legitimate mobile carrier apps) to get back online after their Internet connection was cut with the help of their ISP.

“In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity,” the report claims.

“Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity.”

If they couldn’t directly work with their targets’ ISPs, the attackers would disguise the malicious apps as messaging applications.

They pushed them using a made-up support page that claimed to help the potential victims recover their Facebook, Instagram, or WhatsApp suspended accounts.

However, while the Facebook and Instagram links would allow them to install the official apps, when clicking the WhatsApp link they would end up installing a malicious version of the legitimate WhatsApp app.

Multiple exploits (some of them zero-days) used for surveillance

Google says the malicious apps deployed on the victims’ devices weren’t available in the Apple App Store or Google Play. However, the attackers sideloaded the iOS version (signed with an enterprise certificate) and asked the target to enable the installation of apps from unknown sources.
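For defenders triaging an iOS app that arrived outside the App Store, the provisioning profile inside the IPA (`embedded.mobileprovision`) shows whether it was enterprise-signed as described above. The following is an added example, not code from Google's report or this article: it uses Apple's standard profile keys, and the sample profile, team name and dates are constructed.

```python
import plistlib
from datetime import datetime

def extract_profile(blob: bytes) -> dict:
    """Pull the XML plist out of a CMS-wrapped embedded.mobileprovision.
    This only reads the payload; it does not verify the CMS signature."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", max(start, 0))
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Map provisioning-profile keys to a distribution type."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"  # in-house profile: installs on any device, no App Store review
    entitlements = profile.get("Entitlements", {})
    if profile.get("ProvisionedDevices"):
        # A device allow-list means development or ad-hoc distribution.
        return "development" if entitlements.get("get-task-allow") else "ad-hoc"
    return "app-store"

def triage(blob: bytes, now: datetime) -> dict:
    """Summarise what an analyst needs to decide whether to escalate."""
    profile = extract_profile(blob)
    kind = classify(profile)
    expiry = profile.get("ExpirationDate")  # plistlib returns a naive UTC datetime
    return {
        "kind": kind,
        "team": profile.get("TeamName"),
        "expired": expiry is not None and expiry < now,
        "flag": kind == "enterprise",  # enterprise-signed app on a non-corporate device
    }

# Constructed sample: four bytes standing in for the DER wrapper, then the plist.
SAMPLE = b"\x30\x82\x0f\x00" + b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>TeamName</key><string>Example Corp (constructed)</string>
<key>ProvisionsAllDevices</key><true/>
<key>ExpirationDate</key><date>2023-01-01T00:00:00Z</date>
<key>Entitlements</key><dict><key>get-task-allow</key><false/></dict>
</dict></plist>""" + b"\x00\x00"

if __name__ == "__main__":
    print(triage(SAMPLE, datetime(2022, 7, 11)))
```

An enterprise profile on a personal device, or one whose team is not the user's employer, is the signal worth escalating.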

The iOS app spotted in these attacks came with several built-in exploits allowing it to escalate privileges on the compromised device and steal files.

“It contains a generic privilege escalation exploit wrapper which is used by six different exploits. It also contains a minimalist agent capable of exfiltrating interesting files from the device, such as the Whatsapp database,” the analysts explained.

In all, it bundled six different exploits:

  • CVE-2018-4344 internally referred to and publicly known as LightSpeed.
  • CVE-2019-8605 internally referred to as SockPort2 and publicly known as SockPuppet.
  • CVE-2020-3837 internally referred to and publicly known as TimeWaste.
  • CVE-2020-9907 internally referred to as AveCesare.
  • CVE-2021-30883 internally referred to as Clicked2, marked as being exploited in-the-wild by Apple in October 2021.
  • CVE-2021-30983 internally referred to as Clicked3, fixed by Apple in December 2021.

“All exploits used before 2021 are based on public exploits written by different jailbreaking communities. At the time of discovery, we believe CVE-2021-30883 and CVE-2021-30983 were two 0-day exploits,” they added.

On the other hand, the malicious Android app came with no bundled exploits. Still, it featured capabilities that would allow it to download and execute additional modules using the DexClassLoader API.

Some victims notified their devices were compromised

Google has warned Android victims that their devices were hacked and infected with spyware, dubbed Hermit by security researchers at Lookout in a detailed analysis of this implant published last week.

According to Lookout, Hermit is “modular surveillanceware” that “can record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.”

Google has also disabled the Firebase projects used by the threat actors to set up a command-and-control infrastructure for this campaign.

In May, Google TAG exposed another campaign in which state-backed threat actors used five zero-day security flaws to install Predator spyware developed by commercial surveillance developer Cytrox.

“TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors,” Google said at the time.

Source: Sergiu Gatlan
Via: bleepingcomputer
© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems
