Google says attackers worked with ISPs to deploy Hermit spyware on Android and iOS



Google’s Threat Analysis Group (TAG) (via) techcrunchThis confirms earlier findings by security research group Lookout, which linked spyware, called Hermit, to Italian spyware vendor RCS Labs.

Lookout says RCS Labs is doing similar work to NSO Group — the infamous surveillance-for-hire company behind Pegasus spyware — and sells commercial spyware to various government agencies. Researchers at Lookout believe the Hermit has already been deployed by the Kazakhstani government and Italian authorities. In line with these findings, Google has identified victims in both countries and said it will notify affected users.

As described in Lookout’s report, Hermit is a modular threat that can download additional capabilities from a command and control (C2) server. This allows spyware to access call records, locations, photos and text messages on the victim’s device. The Hermit is capable of recording audio, making and intercepting phone calls, as well as rooting an Android device, which gives it complete control over its core operating system.

Apps with Hermit were never made available through Google Play or the Apple App Store

Spyware can infect both Android and iPhone by disguising itself as a legitimate source, usually in the form of a mobile carrier or messaging app. Cybersecurity researchers at Google found that some attackers actually worked with ISPs to siphon off a victim’s mobile data in order to advance their plan. Bad actors will then masquerade as the victim’s mobile carrier over SMS and trick users into believing that a malicious app download will restore their internet connectivity. If the attackers were unable to work with the ISP, Google says they tricked users into downloading what appeared to be an authentic messaging app.



Also read: Hermit spyware is hijacking Android devices and iPhones – how to find it before you’re next

Researchers from Lookout and TAG say that apps with Hermit were never made available through Google Play or the Apple App Store. However, attackers were able to distribute infected apps on iOS by enrolling in Apple’s Developer Enterprise Program. This allowed bad actors to bypass the App Store’s standard checking process and obtain a certificate that “meets all iOS code signing requirements on any iOS device.”

apple told ledge That it has since revoked any account or certificate associated with the threat. Apart from notifying the affected users, Google has also rolled out the Google Play Protect update to all users.

Source



Related News

Android: why you should not charge your cell phone to 100%

Are you one of the people who leaves carrying the cell phone all night? Well, we tell you that this can be harmful not for you, but for your smartphone.

WhatsApp: how to save data when you make a call or video call

Do you run out of megabytes on your cell phone too quickly? WhatsApp is possibly responsible for doing so. The messaging application has an infinite number of

The guide to remove the internal dust that is in the speakers of your Xiaomi phone

Most users normally clean the outside of their phone Android with a damp cloth or dry cloth, however, dirt also enters through the speaker holes and could

WhatsApp Plus without ads: find out if there is a new July 2022 update TODAY

WhatsApp It has become a necessary application in various cell phones in the world from where you can do countless things from calling a person to reacting to

$500. best phone for less than

Most phone buyers would be rocking the latest and greatest model, were it not for budget constraints, lack of convincing new The features, or the fact that

Tired of advertising SMS and SPAM? We show you how to block them on Android and iPhone

It is true that except in certain contexts and territories, SMS messages they have gone from being a method of communication to a channel for receiving order