The NSO Group told European legislators that at least five EU countries have used its software. NSO's products have been abused around the world, and researchers are trying to raise awareness that the industry goes beyond one company. On Thursday, the Threat Analysis Group and the Project Zero vulnerability analysis team published findings about a product attributed to the Italian developer.
According to the researchers, victims of the spyware were found in Italy and Kazakhstan, on both mobile phones and tablets. Last week, the security firm Lookout published findings about the Android version of the spyware, which it calls "Hermit." Italian officials used a version of the software during an anti-corruption probe. Lookout found that an unidentified entity used the spyware for targeting in northeastern Syria, as well as against victims in Italy and Kazakhstan.
TAG security engineer Clement Lecigne, whose team tracks the activities of commercial spyware vendors at Google, tells WIRED that the industry has rapidly expanded from a few vendors to an entire ecosystem. Governments that would not be able to develop their own hacking capabilities are being helped by these vendors. Information about these vendors and their capabilities is important because there is little or no transparency into this industry. TAG tracks more than 30 spyware makers, which offer an array of technical capabilities and levels of sophistication to government clients.
A fake app meant to look like a popular mobile carrier's app was used by attackers to distribute the iOS spyware. Attackers may have tricked victims into clicking on a malicious link in order to download a messaging app. In some cases, attackers may have been working with local internet service providers to cut off a specific user's mobile data connection, send them a malicious download link, and convince them to install a fake app on their phone.
The attackers were able to distribute the malicious app because they could sideload it without going through the usual App Store review process.
The accounts and certificates associated with the campaign have been revoked, according to Apple.
According to the company, enterprise certificates are meant for internal use by a company and are not intended for general app distribution, as they can be used to circumvent App Store and iOS protections. Bad actors have found unauthorized ways to access the program by purchasing enterprise certificates on the black market.