An Italy-based firm's hacking tools were used to spy on Apple and Android phones in Italy and Kazakhstan, casting a light on a flourishing industry of spyware, Google said Thursday.
Google's threat analysis team said that spyware made by RCS Lab targeted the phones with a combination of tactics such as unusual drive-by downloads that happen without victims being aware.
Media outlets reported last year that Israeli firm NSO's Pegasus tools were used by governments to spy on opponents, activists and journalists.
They claim to only sell to customers with legitimate use for surveillanceware, such as intelligence and law enforcement agencies, according to Lookout's mobile cybersecurity specialist Lookout, who said of companies like NSO and RCS.
Lookout said such tools have been abused under the disguise of national security to spy on business executives, human rights activists, journalists, academics, and government officials.
Google's report said the RCS spyware it discovered was Hermit, the same one that Lookout reported on previously.
In April, Lookout researchers found Hermit being used by the government of Kazakhstan inside its borders to spy on its phones, just months after anti-government protests in the country were suppressed.
Like many spyware vendors, not much is known about RCS Lab and its clientele, Lookout said. It has a considerable international presence based on the information we do have. The mobile security company said that Hermit was used in a predominantly Kurdish region of Syria.
Hermit's analysis shows that it can be used to gain control of phones, recording audio, redirecting calls, and collecting data such as contacts, messages, photos and location, Lookout researchers said.
In some cases, we believe that the actors worked with the target's ISP internet service provider to disable the target's mobile data connectivity.
Cyber spies would send links pretending to be from phone makers or messaging applications to trick people into clicking, even though they were not disguised as a mobile internet service provider, the cyber spies said.
Lookout researchers said that Hermit tricks users by serving up the legitimate websites of the brands it impersonates as it kicks off malicious activities in the background.
Google warned Android users that they were being targeted by the spyware and ramped up their software defenses. Apple said it has taken measures to protect iPhone users.
According to Alphabet-owned tech titan, Google's threat team is tracking more than 30 companies that sell surveillance capabilities to governments.
The commercial spyware industry is growing at a significant rate, according to Google.