Cybersecurity: Tofalo (M5s) on Exodus, Italians spied on by mistake by state hackers?

Undersecretary of Defense Angelo Tofalo said in a note about the Exodus spyware affair, in which hundreds of unsuspecting Italians were reportedly infected: "I learn this information with great regret from the newspapers and not from the relevant institutions. I hope that the institutions delegated to ensure a coordinated response to cyber events will make the necessary assessments as soon as possible and provide all the necessary clarifications."

Tofalo says he is "confident that the judiciary will take its best action, ascertaining all responsibilities, trusting that no institution has made illegal use of the 'Exodus' malware". And then he adds: "The facts that have been contested today in various national media, however, if they were true to reality, would represent yet another dangerous deviance in the use of tools not sufficiently monitored by a policy that is not very sensitive to the management of the cyber domain."

The undersecretary then underlines: "What I read today suggests, alas, that we are still paying for the long wave of choices made years ago by governments lacking adequate sector skills. We just have to hope that the investments in people and means activated in recent months may contain other vulnerabilities of which we do not yet have evidence. For several years now, cyberspace has been the main game board for the positioning of each nation on the international geopolitical chessboard. We are trying - concludes Tofalo - to quickly bridge the inherited technological gap to build a state that has greater awareness of its degree of ambition, the role it must carve out and the responsibilities that derive from it."

As reported by Corriere.it, hundreds of Italians were infected with spyware (software that collects information) developed by an Italian company, distributed on Android devices and capable of bypassing Google security filters. It is called Exodus and was identified by a group of researchers; the story was picked up by the site Motherboard, which speaks of "government malware". "We believe - say the researchers - that it has been developed by the company eSurv, of Catanzaro, since 2016". "We have identified - add the researchers - copies of an unknown spyware that have been successfully uploaded to the Google Play Store several times over the course of over two years. These applications have usually been available for months." Google, owner of the Play Store, the digital store from which apps are downloaded, was contacted by the researchers, removed the applications and stated that "thanks to advanced detection models, Google Play Protect will now be able to better detect future variants of these applications."

Some experts told Motherboard that the operation could have hit innocent victims "since the spyware seems to be defective and misdirected". Legal and law enforcement experts told the site that the spyware may be illegal.

The spy software acted in two steps. Exodus One collected basic information identifying the infected device (in particular the IMEI code, which uniquely identifies a phone, and the mobile number). Once this information had been identified, the Exodus Two phase began: a file was installed that collected data and sensitive information of the infected user, such as browser history, calendar information, geolocation, Facebook Messenger logs and WhatsApp chats. According to experts, the spy software was used between 2016 and the beginning of 2019; copies of the spyware were found uploaded to the Google Play Store, disguised as service applications of telephone operators.
