Lookout security researchers tied a previously unattributed Android mobile spyware to an Italian software company. According to Lookout researchers, many of their findings have been confirmed by threat researchers from the internet giant.

According to Lookout, Hermit is used by governments in Italy and Kazakhstan. Lookout says it has also seen the spyware deployed in northern Syria. The spyware uses various modules, which it downloads from its command and control server as they are needed, to collect call logs, record ambient audio, redirect phone calls, and collect photos, messages, emails, and the device's precise location from a victim's device. According to Lookout's analysis, Hermit tries to root an infected device in order to gain even more access to the victim's data.

Lookout said that targeted victims are sent a malicious link by text message and tricked into downloading and installing the malicious app from outside of the app store.

In some cases, the government actors in control of the spyware worked with the target's internet provider to cut their mobile data connection, likely as a lure to trick the target into downloading the malicious app, according to a new post published Thursday.

Lookout said previously that it was unable to obtain a sample of the Hermit spyware that was analyzed by the internet giant. There are at least six different exploits in the Hermit iOS app, two of which were never-before-seen vulnerabilities. Apple was aware that one of the zero-day vulnerabilities was being exploited before it was fixed.

Both companies said that the version of the Hermit spyware that was found on the app stores was not found on the phones. The company said it has updated its Play Protect app to block the app from running if it's installed on a device that's been compromised. The Firebase account, which the spyware used to communicate with its server, was stopped by the company.

It wasn't clear how many people were being notified.

The accounts and certificates associated with the campaign have been revoked by Apple, according to the company's spokesman.

State agencies are known to use government-grade spyware. Although it is not known who has been targeted by governments using Hermit, similar mobile spyware developed by hacking-for-hire companies, like NSO Group and Candiru, has been linked to the surveillance of journalists, activists and human rights defenders.

When contacted, RCS Lab gave an unattributed statement which said that it exports its products in compliance with both national and European rules. After getting an official authorization from the competent authorities, any sales or implementation of products are done. We deliver and install our products in approved customers' premises. The employees of the lab are not involved in any of the activities conducted by the customers.


Researchers say Hermit, a powerful mobile spyware, is used by governments