If you own smartphone know about Hermit spyware | Deadlier than Pegasus!

Get real time updates directly on you device, subscribe now.

Google has found strong evidence that enterprise-grade Android spyware called Hermit is being used via SMS messages to target high-profile Android users.

The tech giant has warned all Android victims and implemented changes in Google Play Protect.

Lookout, a cloud-based security company, has recently discovered a new spyware called “Hermit” that is capable of affecting both Android and iOS devices. According to a recent report by TechCrunch, the company’s security researchers have detailed that an Android version of the spyware was used in “targeted attacks by national governments with victims in Kazakhstan, Syria and Italy.” Now, google’s researchers have also confirmed the findings of Lookout and have started notifying Android users about the devices that have already been compromised by the spyware.

According to the report, Google and Lookout have confirmed that Hermit is a commercial spyware that is known to be used by governments with victims in Kazakhstan, Italy and northern Syria. Lookout has also mentioned that the spyware was first detected in Kazakhstan in April after the government violently suppressed protests against government policies. Moreover, the spyware is also speculated to be deployed in the northeastern Kurdish region of Syria and by Italian authorities as part of an anti-corruption investigation. The report also mentions that Lookout has accused and linked the spyware to RCS Lab, while the Italian software company has denied accountability.

How does it affect Android and iOS devices

The report also mentions that Lookout got hold of a sample of the Hermit Android malware which is said to be modular as it allows the spyware to download additional components that the malware requires. Like any other spyware, this one also uses different modules to collect call logs, photos, messages, emails along with recording audio, redirecting phone calls and even exposing the device’s exact location.

Moreover, Lookout has also warned that the spyware can root phones by controlling files from the command and control server required to break the device’s protections and allow unhindered access without user interaction. Paul Shunk, a Lookout researcher mentioned that the malware can run on all Android versions and “stands out from other app-based spyware.”

Meanwhile, Google has also analysed a sample of the Hermit spyware targeting iPhones. According to the tech giant, the Hermit iOS app corrupts Apple enterprise developer certificates and allows the spyware to be sideloaded on a victim’s device from outside the app store. The iOS app also packs six different exploits out of which two are zero-day vulnerabilities.

Clickjacking attack | how hackers steal your banking info?

How Google and Apple are reacting to the spyware

The report mentioned that neither the Android nor the iOS versions of the Hermit spyware were found in the respective app stores. Apart from notifying the affected Android users, Google has also updated its Play Protect (the built-in app security scanner in Android) to block the app from running, says the report. Moreover, the company has also killed the spyware’s Firebase account, which was used to communicate with its servers. However, Google didn’t mention the number of affected Android users that the company has notified.

Meanwhile, Apple has also removed all known “accounts and certificates associated with the is spyware campaign”, suggests the report.

Get real time updates directly on you device, subscribe now.

Comments are closed.