According to Google TAG analysts, RCS Labs is just one of 30 spyware vendors they track. The Milan-based company claims to have been in business since 1993 and has been providing “law enforcement agencies around the world with advanced technology solutions and technical support in the field of legal monitoring and interception of information” for more than twenty years.
The researchers write that during the drive-by attacks, which were used to infect the devices of several victims, users were asked to install malicious applications (including those disguised as legitimate applications of mobile operators), ostensibly to return online after the Internet connection was interrupted on the provider’s side.
Analysts write that the malicious applications deployed on victims’ devices were not available through the Apple App Store or Google Play. Instead, the attackers offered iOS malware (signed with a corporate certificate) and asked the victims to allow installation of apps from unknown sources.
The iOS app seen in these attacks had six built-in exploits that allowed privilege escalation on a compromised device and file theft:
As for the malicious Android application, it was delivered without exploits. At the same time, the malware had capabilities that allowed loading and executing additional modules using the DexClassLoader API.
Google says it has already notified Android device owners that their devices have been compromised and infected with spyware. The company also disabled Firebase projects used by attackers to set up the campaign’s management infrastructure.
I also must say that experts from the security company Lookout studied in detail an Android malware named Hermit and published a threat report last week. According to them, Hermit is “modular spyware” that “abuses Accessibility services, can record audio, make and redirect phone calls, collect and steal data such as call logs, contacts, photos, device location and SMS messages.”
The researchers noted that the modularity of Hermit allows it to be customized for each specific victim, expanding or changing the functionality of the spyware depending on the requirements of the customer. At the same time, unfortunately, it was not possible to understand who was the target of the detected campaign, and which of the RCS Lab clients was associated with this.
Interestingly, according to Google TAG, seven of the nine zero-day vulnerabilities discovered in 2021 were developed by commercial spyware and vulnerability vendors and then sold to third parties and exploited by government hackers.