Android ‘hermit’ spyware is now being used by governments

A new enterprise-grade Android spyware called “Hermit” is being used by governments via SMS messages to target figures such as business executives, human rights activists, journalists, academics and officials government, according to cybersecurity researchers, as reported by the Indo-Asian Information Service.

The team from cybersecurity firm Lookout Threat Lab uncovered the “surveillance software” used by the government of Kazakhstan in April, four months after the violent crackdown on nationwide protests against government policies.

“Based on our analysis, the spyware, which we have named ‘Hermit’, is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company that we suspect operates as a shell company,” the researchers said in a blog post. .

This is not the first time Hermit has been deployed. Italian authorities used it in an anti-corruption operation in 2019.

“We also found evidence to suggest that an unknown actor used it in northeast Syria, a predominantly Kurdish region that has been the site of numerous regional conflicts,” the team noted.

RCS Lab, a known developer active for more than three decades, operates in the same market as Pegasus developer NSO Group Technologies and Gamma Group, which created FinFisher. RCS Lab has engaged with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan.

Collectively referred to as “lawful interception” companies, they claim to only sell to customers with legitimate use of surveillance software, such as intelligence agencies and law enforcement.

“In reality, these tools have often been misused under the guise of national security to spy on corporate executives, human rights activists, journalists, academics and government officials,” the authorities warned. researchers.

Hermit is modular spyware that hides its malicious capabilities in packages downloaded after deployment. These modules, along with the permissions that the core apps have, allow Hermit to operate a rooted device, record
audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location, and SMS messages.

Also read: Crypto crash: Bitcoin fell 7.4% to $18,915

“We hypothesize that the spyware is being distributed via SMS messages pretending to be from a legitimate source. The analyzed malware samples impersonated applications from telecommunications companies or smartphone manufacturers,” said said the Lookout team.

The spyware has been used to monitor activists, journalists and political leaders from several countries around the world, including India. Last month, the Supreme Court-appointed technical committee informed the court that it would soon submit the Pegasus investigation report. The committee informed the high court that 29 mobile devices had been examined. The Supreme Court granted the technical committee more time to finalize and submit its report.

(with agency contributions)


You can now write for and be part of the community. Share your stories and opinions with us here.

#Android #hermit #spyware #governments

Post expires at 10:08am on Wednesday June 29th, 2022