New Delhi, June 24 (IANS) | Google has found strong evidence that enterprise-grade Android spyware ‘Hermit’ is being used via SMS messages to target high-profile Android users.
The tech giant has warned all Android victims and implemented changes to Google Play Protect.
Cyber-security researchers last week unearthed ‘Hermit’, which is being used by governments to target high-profile people such as business executives, human rights activists, journalists, academics and government officials via SMS messages.
“Based on our analysis, the spyware, which we have named ‘Hermit’, is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company, which we suspect may be a front company. is working in,” a researcher at cyber-security company Lookout Threat Lab said in a blog post.
Lookout researchers uncover ‘surveillanceware’ used by Kazakhstani government.
Google said late Thursday that government-backed bad actors “worked with Target’s ISP (Internet Service Provider) to disable Target’s mobile data connectivity”.
“Once disabled, the attacker will send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications turned out to be mobile carrier applications,” warned Google’s Threat Analysis Group (TAG).
When ISP involvement is not possible, the application is disguised as a messaging application.
Google has been tracking the activities of commercial spyware vendors for years, and is taking steps to protect people.
Last week, the company testified at an EU parliamentary hearing on “big tech and spyware.”
TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploit or surveillance capabilities to government-backed actors.
Italian spyware vendor RCS Lab, a known developer active for more than three decades, operates in the same market as Pegasus developer NSO Group.
RCS Lab has worked with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan.
Hermit is a modular spyware that hides its malicious capabilities in downloaded packages after they are deployed.
These modules, together with the permissions of the core apps, allow the Hermit to exploit rooted devices, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages. enables.
Hermit deceives users by serving legitimate webpages of brands impersonating them as it kickstarts malicious activities in the background.
The researchers said they are also aware of an iOS version of the Hermit “but were unable to obtain a sample for analysis”.
Pegasus was developed by Israeli cyber company NSO Group to be installed covertly on iPhone and other devices.
It was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and accessing information from apps.
Spyware has been used to monitor activists, journalists and political leaders in many countries around the world, including India.