Google warns of Italian spyware Hermit targeting iOS and Android devices

Google said attackers using the Hermit spyware worked with the ISPs of victims in some cases to disable their data, before sending an SMS with a ‘malicious link’ to restore connectivity.

Researchers at Google have warned of a commercial spyware linked to an Italian vendor that is targeting iOS and Android devices, dubbed Hermit by security firm Lookout.

Google has linked the spyware to Milan-based RCS Labs and said victims of the software have been identified in Italy and Kazakhstan. Last week, researchers at Lookout published findings on the Android version of the spyware and also detected its use in Syria.

Lookout said the latest samples of the Hermit spyware were detected in April, four months after nation-wide protests against government policies in Kazakhstan were “violently suppressed”.

According to Lookout and Google, the Hermit spyware hides its malicious capabilities in packages downloaded after it’s deployed. The spyware can record audio, make and redirect phone calls and collect data such as call logs, contacts, photos, device location and SMS messages.

Confirming Lookout’s findings, researchers from Google’s Threat Analysis Group (TAG) said they detected victims of the spyware in Italy and Kazakhstan on both Android and iOS devices. They also found evidence that the spyware actors worked with the internet service provider (ISP) of victims, to disable mobile data connectivity.

The attacker would then send a “malicious link” through SMS asking the target to install an application to recover their data connectivity.

“We believe this is the reason why most of the applications masqueraded as mobile carrier applications,” Google’s TAG researchers said in a report. “When ISP involvement is not possible, applications are masqueraded as messaging applications.”

RCS Labs has been operating since 1993 and claims to have clients in law enforcement agencies worldwide. RCS Labs told Reuters that its products and services comply with European rules and help law enforcement agencies to investigate crimes. It added that it condemned any abuse of its products.

“RCS Lab personnel are not exposed, nor participate in any activities conducted by the relevant customers,” RCS Labs told Reuters in an email.

The Hermit spyware was not found in the Android or iOS app stores, according to Google and Lookout. Google said it has notified the Android users of infected devices and implemented changes in Google Play to protect users.

In a statement to WiredApple said that it has revoked all known accounts and certificates associated with the spyware campaign.

Lookout said RCS Labs operates in the same market as NSO Group, the Israeli company behind the military-grade spyware Pegasus. This company made headlines last year when an investigation claimed the Pegasus spyware was abused and used to target journalists, activists and government officials.

In February, The EU’s data protection watchdog called for a ban on the use of Pegasus spywarefollowing the revelations of its potential impact on privacy rights.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily BriefSilicon Republic’s digest of essential sci-tech news.

Original Article reposted fromSource link

Disclaimer: The website autopost contents from credible news sources and we are not the original creators. If we Have added some content that belongs to you or your organization by mistake, We are sorry for that. We apologize for that and assure you that this won’t be repeated in future. If you are the rightful owner of the content used in our Website, please mail us with your Name, Organization Name, Contact Details, Copyright infringing URL and Copyright Proof (URL or Legal Document) aT spacksdigital @

I assure you that, I will remove the infringing content Within 48 Hours.

Leave a Reply

Your email address will not be published.