Google Says Attackers Collaborated With ISPs To Deploy Hermit Spyware On Android And iOS

Research published by Google's Threat Analysis Group (TAG) (via TechCrunch) confirms previous findings from security research group Lookout, which linked the spyware, called Hermit, to Italian spyware vendor RCS Labs.


Lookout says RCS Labs is in the same business as NSO Group, the infamous surveillance-for-hire company behind the Pegasus spyware: selling commercial spyware to government agencies. Lookout investigators believe Hermit has already been deployed by the government of Kazakhstan and by Italian authorities. In line with these findings, Google has identified victims in both countries and said it will notify affected users.

As described in Lookout's report, Hermit is a modular threat that downloads additional capabilities from a command and control (C2) server as needed. These modules let the spyware access call details, location, photos and text messages on a victim's device. Hermit can also record audio, make and intercept phone calls, and root an Android device, giving it full control over the core operating system.

The spyware can infect both Android devices and iPhones by disguising itself as a legitimate app, usually one purporting to come from a mobile operator or a messaging app. Google's researchers found that some attackers worked with ISPs to disable a victim's mobile data in order to set up the lure. The attackers would then impersonate the victim's mobile carrier via SMS and trick the user into believing that downloading a malicious app would restore their internet connection. Where attackers could not work with an ISP, Google said they instead masqueraded as seemingly authentic messaging apps and tricked users into downloading them.


Lookout and TAG researchers say that apps carrying Hermit were never made available through Google Play or the Apple App Store. However, attackers were able to distribute infected apps on iOS by enrolling in Apple's Developer Enterprise Program. This let them bypass the standard App Store vetting process and obtain a certificate that "meets all iOS code signing requirements on any iOS device", so the sideloaded app would install and run without jailbreaking.

Apple told The Verge that it has since revoked any accounts or certificates associated with the threat. In addition to informing affected users, Google has also pushed a Google Play Protect update to all users.
