Google discovers proof of the spyware ‘Hermit’ being deployed and alerts Android users
Google has found strong evidence that enterprise-grade Android spyware called ‘Hermit’ is being used via SMS messages to target high-profile Android users
Google has discovered solid evidence that enterprise-grade Android malware known as ‘Hermit’ is being used to target high-profile Android users via SMS texts.
Google has issued a warning to all Android victims and made improvements to Google Play Protect.
Last week, cyber-security researchers discovered ‘Hermit,’ which is being utilised by governments via SMS messages to target high-profile individuals such as business executives, human rights activists, journalists, academics, and government officials.
“Based on our study, the spyware, which we termed ‘Hermit,’ is most likely built by Italian spyware vendor RCS Lab and Tykelab Srl, a telecoms solutions company we assume is acting as a front company,” researchers from cyber-security firm Lookout Threat Lab wrote in a blog post.
Lookout researchers discovered the government of Kazakhstan’s ‘surveillanceware.’
Google said late Thursday that the bad actors “worked with the target’s ISP (internet service provider) to disable the target’s mobile data connectivity.”
“Once disabled, the attacker would send a malicious link via SMS to the target, requesting that they install an application in order to regain data connectivity. We believe this is why the majority of the applications masquerading as mobile carrier applications exist,” Google’s Threat Analysis Group (TAG) warned.
When ISP participation is not available, applications are disguised as messaging applications.
For years, Google has been monitoring the operations of commercial spyware sellers and taking precautions to protect users.
The company testified last week at an EU Parliamentary inquiry on “Big Tech and Spyware.”
TAG is actively monitoring over 30 vendors with varied levels of expertise and public exposure that are offering exploits or surveillance capabilities to government-backed entities.
RCS Lab, an Italian spyware seller with almost three decades of experience, competes in the same industry as Pegasus developer NSO Group.
RCS Lab has collaborated with military and intelligence organisations in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar, and Turkmenistan.
Hermit is a modular spyware that conceals its dangerous capabilities in programmes downloaded after it has been installed.
Together with the permissions granted to the core programmes, these modules allow Hermit to attack a rooted device, capture audio, make and redirect phone calls, and gather data such as call logs, contacts, photographs, device location, and SMS messages.
Hermit deceives consumers by displaying convincing webpages of the brands it impersonates while launching dangerous activity in the background.
The Israeli cyber firm NSO Group created Pegasus, which can be secretly installed on iPhones and other devices.
It was capable of reading text messages, tracking phone calls, collecting passwords, tracking position, accessing the target device’s microphone and camera, and harvesting data from apps.
The software has been used to spy on activists, journalists, and political figures from all around the world, including India.