Google has revealed(Opens in a new window) information about a spyware vendor called RCS Labs that, according to the company's Threat Analysis Group (TAG), has been caught targeting people in Italy and Kazakhstan.
TAG says that RCS Labs targeted iOS and Android devices alike with its spyware. "All campaigns TAG observed originated with a unique link sent to the target," TAG says. "Once clicked, the page attempted to get the user to download and install a malicious application on either Android or iOS." Those malicious links appear to have arrived in two different flavors.
TAG says that one masqueraded as an app that could be used to restore the victim's mobile data connection—more on that in a moment—while the other pretended to be some kind of messaging app.
The former only works if someone has actually lost internet access on their phone, of course, and it seems RCS Labs had some assistance in that regard. "In some cases," TAG says, "we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity." The attacks then progressed based on what kind of smartphone a target uses.Read more on pcmag.com