A new spy product for iOS connected with the Italian developer RCS Labs has been discovered in the world. The information malware was published on Thursday, June 23 by Google Threat Analysis Team and Project Zero Vulnerability Analysis Team.

Google researchers say they found victims of spyware in Italy and Kazakhstan, on both iOS and Android devices. Last week, cybersecurity company Lookout published data on the Android version of the program, which was called “Hermit” and which also belongs to RCS Labs.

Analyzing the iOS version of the spy, the researchers found that it was distributed using a fake application that resembled My Vodafone from an international mobile operator. In both cases Android and iOS, the attackers probably tricked the victims into clicking on the link and downloading the app. In some cases, with iOS, they could work with local providers to cut off mobile communications and make sure that installing the fake My Vodafone app could restore it.

iOS became particularly vulnerable because RCS Labs signed up for the Apple Enterprise Developer Program through a fictitious company and received a certificate that allowed them to download apps bypassing the standard AppStore validation. Apple says it has already revoked all known spyware accounts and certificates.

“Google has been tracking the activities of commercial spyware vendors for years, and in that time we have seen the industry rapidly expand from a few vendors to an entire ecosystem. These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house. But there is little or no transparency into this industry, that’s why it’s critical to share information about these vendors and their capabilities,” tells security engineer to Wired.

Lookout notices, that Italian officials used the version of the program back in 2019 during an anti-corruption investigation. In addition to Italy and Kazakhstan, the company found traces of the program’s use by an unknown organization in Syria.