Android spyware ‘hermit’ is now being used by governments

A new enterprise-grade Android spyware called ‘Hermit’ is being used by the governments via SMS messages to target high-profile people like business executives, human rights, missions, academics and government officials according to cyber-security researchers, as reported by Indo Asian News Service.

The team at cyber-security company Lookout Threat Lab uncovered the ‘surveillanceware’ that was used by the government of Kazakhstan in April, four months after nationwide protests against government policies werely suppressed.

“Based on our analysis, the spyware, which we named ‘Hermit’ is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company we suspect to be operating as a front company,” the researchers said in a blog post .

This isn’t the first time Hermit has been. Italian authorities used it in an anti-corruption operation in 2019.

“We also found evidence suggesting that an unknown actor used it in northeastern Syria, a predominantly Kurdish region that has been the setting of numerous regional conflicts,” the team noted.

RCS Lab, a known developer that has been active for over three decades, operates in the same market as Pegasus developer NSO Group Technologies and Gamma Group, which created FinFisher. RCS Lab has engaged with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan.

Collectively branded as “lawful intercept” companies, they claim to only sell to customers with a legitimate use for surveillanceware, such as intelligence and law enforcement agencies.

“In reality, such tools have often been abused under the guise of national security to spy on business executives, human rights researchers, academics and government officials,” the researchers warned.

Hermit is modular spyware that hides its malicious capabilities in packages downloaded after it’s developed. These modules, along with the permissions the core apps have, enable Hermit to exploit a rooted device, record
audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.

Also Read: Crypto crash: Bitcoin last down 7.4 per cent at $18,915

“We theorise that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analysed impersonated the applications of telecommunications companies or smartphone manufacturers,” said the Lookout team.

The spyware has been used for surveillance of global, political and political leaders from several nations around the world, including India. The Supreme Court-appointed technical committee last month informed the court that it would submit the Pegasus probe report soon. The committee informed the top court that 29 mobile devices have been examined. The Supreme Court gave more time to the technical committee to finalise and submit its report.

(with inputs from agencies)


You can now write for and be a part of the community. Share your stories and opinions with us here.


Leave a Comment