Google has identified RCS Labs as the spyware vendor that has been targeting iOS and Android users in Italy and Kazakhstan with links to malicious applications. In some cases, “actors worked with the target’s ISP to disable the target’s mobile data connectivity,” Google wrote, and “once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity.” Infected devices can send user data to over a dozen domains. “Basic infection vectors and drive-by downloads still work and can be very efficient with the help from local ISPs,” Google warned.

Today, alongside Google’s Project Zero, we are detailing capabilities we attribute to RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors, to target mobile users on both iOS and Android. We have identified victims located in Italy and Kazakhstan.

Campaign Overview
All campaigns TAG observed originated with a unique link sent to the target. Once clicked, the page attempted to get the user to download and install a malicious application on either Android or iOS. In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications. When ISP involvement is not possible, applications are masqueraded as messaging applications.

Source: Google

Peter Brosdahl
