
iOS and Android under attack: spyware hits Italian users





There is a new danger for Italian users of Android and iOS, and it is Google itself that reveals it through Project Zero, the company's team tasked with discovering and privately reporting security defects found in products.

The report, released Thursday, gives the details of this attack, which relies on an application that turned out to be spyware that steals personal information. According to Google, the party responsible for this attack is an Italian company, RCS Labs, which targeted users in Italy, but also in Kazakhstan, using “a combination of tactics” including an atypical drive-by download attack as an initial infection vector. Google also claims that these types of attacks are developed by commercial suppliers to then be sold to and used by government-backed actors.

How the spyware works

But how does this attack work? According to Google, all observed campaigns originated with a link sent to the target. In some cases, the company believes those behind the attack worked with the target's ISP to disable mobile data connectivity. Once it was disabled, the attacker sent a malicious link via SMS asking the target to install an application to recover connectivity or account data.

Once the victim visited the indicated site, they were shown real logos and realistic account reset requests, with the link to download the malicious application hidden behind official-looking buttons and icons. Most of the applications were disguised as mobile operator applications and, when ISP involvement was not possible, the applications looked like messaging applications or those of some phone manufacturers.

From a technical point of view, the Android version of the spyware used a .apk (no special certificates needed) that, once installed, obtained permissions such as network access, user credentials, contact details and reading of external storage devices. Google has issued a series of warnings to the victims of this campaign, has made changes to Google Play Protect and has disabled some Firebase projects used by the attackers. In any case, the advice is always not to click on links received via SMS and not to install applications from outside the Play Store.

But what about victims with iOS? They were induced to install a certificate intended for businesses that allowed the malicious app to bypass the App Store's protections against sideloading. The iOS version of the spyware was divided into several parts and used six different system exploits, four of which are attributable to the jailbreak community, to bypass the verification layer and unlock root access in order to extract information from the device.

Fortunately for iOS users, sandboxing made it possible to limit the amount of data extracted: in most cases the local WhatsApp database was obtained. As you can see, the danger here is the installation of a special certificate. We still don’t know whether Apple has invalidated it, but the advice is the same as for Android: never click on links received via SMS.