Written by AJ Vicens
Jun 23, 2022 | CYBERSCOOP
The little-known Italian spyware firm RCS Labs worked with unnamed internet service providers to install malicious apps on targets’ phones in Italy and Kazakhstan, researchers with Google’s Threat Analysis Group said Thursday.
In some cases, where ISP involvement wasn’t possible, Google researchers said the firm sent fake warning messages to targets telling them to click a link to restore access to a popular messaging app. The link would then install a malicious version of the app, giving the firm’s customers access to the device.
“Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits,” Google researchers Benoit Sevens and Clement Lecigne wrote. “This makes the Internet less safe and threatens the trust on which users depend.”
Ian Beer, a researcher with Google’s Project Zero, which studies previously undisclosed hardware and software vulnerabilities, published a detailed analysis of the since-fixed iOS vulnerability the firm used in its fake mobile phone provider app. The memory corruption exploit at work is akin to the FORCEDENTRY zero-click exploit exposed late last year and developed by Israel’s NSO Group, Beer wrote.
“Both reveal the stunning depth of attack surface available to the motivated hacker,” Beer wrote. “And both show that defensive security research still has a lot of work to do.”
NSO Group and another Israeli firm, Candiru, were added to