Google’s Threat Analysis Group (TAG) recently reported that Android and iOS users in Italy and Kazakhstan have been infected with spyware.
RCS Labs is our guilty vendor in question. It operates out of Italy, providing all sorts of data services (and the occasional malware) to all customers. The Google TAG has kept its eye on RCS Labs for quite a while, along with an assortment of other such net services vendors. The group has also previously published findings and exposés regarding such individuals or establishments, often reporting on some sort of cybersecurity threat they either intentionally or unknowingly caused. The group’s target for today, RCS Labs, is definitely on the more intentional side of things, as it not only caused harm to many customers across Italy, but also utilized a horde of internet service providers to do so. Then again, this only provides us with the setting of this particular cybersecurity escapade. Let’s take a look at how it was executed, and what this means for internet users in the afflicted areas.
A tl;dr version of this entire story would be calling it an incredibly elaborate phishing attack. Anyone who’s gone through my writings for this online magazine with even the most cursory of glances is probably familiar with phishing attacks: hoaxes that encourage users to give up private user data or download harmful content under the guise of helpful prompts. The prompt can often show up as a fake webpage asking users to log in to win a prize, or even as an imitation of a Facebook login link. In this case, however, the prompt isn’t just sent a user’s way. Instead, internet service providers (RCS Labs) will disconnect a user from their internet. Then, a prompt will be sent their way via SMS, asking users to download a linked application in order to resume online surfing. The unsuspecting user, recognizing said number as belonging to their internet service provider, will acquiesce, entirely to their detriment.
Once the application is downloaded, it can access privileged documents and sensitive information. Credit card numbers, social security details, home addresses: all are now fully available to our original vendor to exploit at their leisure. The TAG has published a list of vendors operating within Italy and Kazakhstan that it has found either guilty or illegal. Users within these areas should go through the list, and are encouraged to maintain vigilance.