Google has found strong evidence that enterprise-grade Android spyware called ‘Hermit’ is being used via SMS messages to target high-profile Android users.
The tech giant has warned all Android victims and implemented changes to Google Play Protect.
Cyber-security researchers last week unearthed ‘Hermit’, which is being used by governments to target high-profile people such as business executives, human rights activists, journalists, academics and government officials via SMS messages.
“Based on our analysis, the spyware, which we have named ‘Hermit’, is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company, which we suspect may be a front company. is working in,” a researcher at cyber-security company Lookout Threat Lab said in a blog post.
Lookout researchers uncover ‘surveillanceware’ used by Kazakhstani government.
Google said late Thursday that government-backed bad actors “worked with Target’s ISP (Internet Service Provider) to disable Target’s mobile data connectivity”.
“Once disabled, the attacker will send a malicious link via SMS and ask the target to install an application to recover their data connectivity. We believe this is the reason why most Applications masquerade as mobile carrier applications,” Google’s Threat Analysis Group (TAG) warned.
When ISP involvement is not possible, the application is disguised as a messaging application.
Google has been tracking the activities of commercial spyware vendors for years, and is taking steps to protect people.
Last week, the company testified at an EU parliamentary hearing on “big tech and spyware.”
TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploit or surveillance capabilities to government-backed actors.
Italian spyware vendor RCS Lab, a known developer active for more than three decades, operates in the same market as Pegasus developer NSO Group.
RCS Lab has worked with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan.
Hermit is a modular spyware that hides its malicious capabilities in downloaded packages after they are deployed.
These modules, together with the permissions of the core apps, allow the Hermit to exploit rooted devices, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages. enables.
Hermit deceives users by serving legitimate webpages of brands impersonating them as it kickstarts malicious activities in the background.
The researchers said they are also aware of an iOS version of the Hermit “but were unable to obtain a sample for analysis”.
Pegasus was developed by Israeli cyber company NSO Group to be installed covertly on iPhone and other devices.
It was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and accessing information from apps.
Spyware has been used to monitor activists, journalists and political leaders in many countries around the world, including India.
(Only the title and image of this report may have been reworked by Business Standard staff; the rest of the content is generated automatically from a syndicated feed.)
Business Standard has always worked hard to provide updated information and commentary on events that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering has only reinforced our resolve and commitment to these ideals. Even during these difficult times arising out of COVID-19, we are committed to keeping you informed and updated with relevant news, authoritative views and sharp comments on relevant relevant issues.
However, we have a request.
As we grapple with the economic impact of the pandemic, we need your support even more so that we can continue to provide you with more quality content. Our subscription model has received an encouraging response from many of you who have subscribed to our online content. Subscribing to more of our online content can only help us achieve our goals of providing you with better and more relevant content. We believe in independent, unbiased and credible journalism. Your support through more subscriptions can help us practice the journalism we’re committed to.
Support quality journalism and subscribe to Business Standard.