A spyware developer has been caught distributing fake Android apps

However, a government-sponsored software developer has been caught after its customers used fake Android apps to install its surveillance software on their targets, according to a new report.

On Thursday, Osservatorio Nessuno, an Italian digital rights watchdog that investigates spyware, published a report on the new malware it calls Morpheus. Spyware, which looks like mobile software, can steal a lot of information from a target device.

The findings of these researchers show that the demand for spying software by law enforcement and intelligence agencies is so great that there are many companies that provide this technology, some of which operate outside the public domain.

In this case, the Osservatorio Nessuno confirmed that the spying programs have been linked to IPS, an Italian company that has been working for more than 30 years providing technology known as legitimate, meaning the tools used by governments to capture the real messages of a person that travel through the mobile network and the Internet.

According to the IPS websitethe company operates in more than 20 countries, although this does not mean spyware, which until today was a secret. The company lists several Italian police forces among its clients.

IPS did not respond to TechCrunch’s request for comment on the report.

The researchers called the “Morpheus” spyware “low-cost” because it relies on an initial infection method to trick targets into installing the spyware itself.

Top government spy software developers, such as The NSO team and Paragon Solutionsthey allow their government clients to destroy their targets with invisible means, known as zero-click attackwhich installs malware stealthily and invisibly by using expensive and hard-to-find threats that breach the device’s security.

In this case, the investigators said that the authorities had help from the mobile operator they wanted, who started to deliberately block the mobile data of the target. Meanwhile, the telecom provider sent the target an SMS, prompting them to install an app that was supposed to help them change the phone, and regain access to cellular services. This is the way to do it well written sometimes Italian spy software developers.

When the spyware was installed, it misused Android’s built-in features, which allowed the spyware to read the victim’s web content and interact with other apps. The malware was designed to collect all kinds of information on devices, according to researchers.

The spyware launched fake updates, showed the target a reboot screen, and eventually compromised the WhatsApp app and asked the target to provide their biometrics to verify their identity. Unbeknownst to the target, the biometric tap gave the spyware full access to their WhatsApp account by adding a device to the account. This is a common method used by the Ukrainian government sabotagealso in the recent espionage campaign in Italy.

An old company with new spyware

Osservatorio Nessuno researchers, who asked to be identified only by their first names, Davide and Giulio, confirmed that the spyware belongs to IPS based on the architecture of the spyware.

In particular, one of the IP addresses used in the meeting was registered to “IPS Intelligence Public Security.”

The two also found several pieces of mail that contained Italian words – apparently to be tradition among the Italian spy agencies. The crime code contained Italian words, including references to Gomorrah, a popular book and TV show about a Neapolitan mob, and “spaghetti.”

Davide and Giulio told TechCrunch that they could not go into detail about who they were targeting, but said they believed the attack was “connected to political protests” in Italy, a country where “threats of this type are very common these days.”

A researcher at a cybersecurity firm told TechCrunch that their company is tracking the malware. After reviewing the Osservatorio Nessuno’s report, the researcher said that the cold program is actually made by an Italian expert.

IPS is the latest in a long line of Italian spyware developers to fill the space once occupied by Italian company Hacking Team, one of the world’s leading spyware developers. The company controlled a large part of the local market apart from exports before it was hijacked, then sold and restructured. In recent years, researchers have publicly exposed several Italian spyware developers, including CY4GATE price, GR Systems, Video, Negg, Remove the goods, Cost of RCS Laband soon NOT.

Earlier this month WhatsApp notified about 200 users who installed the fake program, which was actually spyware developed by the SIO. In 2021, the Italian opposition stopped their use of CY4GATE and SIO spyware because of the seriousness.