This dangerous malware is an alternative to Pegasus and can spy on an Android by disguising itself as an official app

Google has warned of dangerous spyware aimed at Android phones and was created by an Italian security company for governments interested in stealing data from mobile phones. Camouflaged under official Samsung or mobile operator applications, the attackers encouraged the user to install the malware, even disconnecting mobile connectivity remotely; with the complicity of the operators themselves.

Unfortunately, Android ‘s relationship with malware is somewhat close, and not because this system is in itself more prone to being infected: given the larger fleet of devices, it will always be easier to find an Android to attack than an iPhone . Of course, Apple phones are not free from attacks, the example of Pegasus is as recent as it is devastating. And it’s not the only malware created explicitly for governments and security agencies.

Malware camouflaged with the help of even the operators

Google has denounced the malicious software created by RCS Lab , a security agency reminiscent of NSO Group, the Israeli company responsible for the already legendary Pegasus. Said RCS Lab is an Italian company that specializes in creating software with which to obtain information that may not be possible using more “traditional” tools . This is specified by the company itself on its website (the use of quotes is devastating).

As Google specifies in an article dedicated to denouncing malicious software , its mode of action was so sophisticated that it allowed it to camouflage itself under supposedly official applications in order to completely deceive the user by forcing them to install the spyware via APK.

The attack tool created by RCS Lab can pass itself off as an official Samsung application, one from the operator and even a messaging application, everything depends on the environment in which the target mobile moves . As specified by Google, the agencies that use the malware can even cut off the Internet access of the attacked person in order to send them a download link by SMS, pretending to be their operator. The promise of reestablishing the connection after installing the app would make it easy for those who suffered the attack to fall into the trap, especially since their own operator would have collaborated to make the deception more credible .

Once the stumbling block of malware installation has been overcome, the application could take complete control of the phone by downloading the necessary “exploits” and executing them . Google points out that the malicious APK does not include attack tools itself, but it does open the door for the agencies that control malware to remotely execute what they need. It could create a kind of “back door” in the phone without its owner being aware of it.

The RCS Lab app has been used to attack Italian and Kazakhstan users, that’s what Google has detected. However, RCS Lab sells its software to any other security agency , so it would not be surprising if it ended up spreading to more countries.