
Google says attackers with ISPs will deploy Hermit spyware on Android, iOS devices


Google is warning Android and iOS users about a sophisticated spyware that is helping Internet service providers (ISPs) attack their targets. According to a recent report from Google’s Threat Analysis Group (TAG), RCS Labs, which operates in the same domain as NSO Group, the group behind the infamous Pegasus spyware, is using spyware called Hermit to target mobile users on both iOS and Android devices in Italy and Kazakhstan.

This report corroborates a report by the security research group, Lookout, that linked the spyware named Hermit to RCS Labs.

What is Hermit spyware?

Lookout researchers said that Hermit is a ‘modular surveillance-ware that hides its malicious capabilities in packages that are then downloaded.’ What makes it dangerous is that this spyware can not only record audio, but can also make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device locations and SMS messages from the target smartphone.

How does Hermit spyware work?

The researchers further explained that the spyware is distributed through SMS messages pretending to be from a legitimate source. In the samples the researchers analyzed, the spyware impersonated applications from telecommunications companies or smartphone makers. “Hermit deceives users by serving legitimate webpages of brands it impersonates as it kickstarts malicious activities in the background,” Lookout researchers wrote in a blog post.

To maintain its cover, Hermit loads and displays websites from the impersonated company while it kickstarts malicious activities in the background. First, it checks whether the device it is targeting is exploitable. “If the device is confirmed to be exploitable it will communicate with C2 to obtain the necessary files to exploit the device and start its root service. This service can then be used to enable elevated device privileges such as access to accessibility services, notification content, package usage status and the ability to ignore battery optimization,” the researchers said.

Google’s TAG said all the attacks it observed originated from a unique link sent to the target. Once clicked, the page tried to trick the user into downloading and installing a malicious application on Android or iOS. “In some cases, we believe that actors worked with the target’s ISP to disable the target’s mobile data connectivity,” TAG wrote in a blog post that once disabled.

“We believe this is the reason why most of the applications came out as mobile carrier applications. When ISP involvement is not possible, the application is offered as a messaging application,” it added.

The group also notes that the malware was not available on the Google Play Store. On iOS, it was distributed through Apple’s Developer Enterprise Program. “These apps still run inside the iOS app sandbox and are subject to the same technical privacy and security enforcement mechanisms (such as code side loading) as any App Store app. However, they can be sideloaded on any device and do not need to be installed through the App Store. We don’t believe the apps were ever available on the App Store,” TAG added.

How can I protect myself from this spyware?

Google, for its part, has warned all Android victims. It has also implemented changes to Google Play Protect and disabled Firebase projects used as C2 in this campaign.

Android and iOS users, for their part, can download the latest version of the mobile OS to their smartphones. Additionally, smartphone users should avoid downloading unknown apps or clicking on links from unknown sources.

The post “Google says attackers with ISPs will deploy Hermit spyware on Android, iOS devices” first appeared on BGR India.
