iOS and Android Users Should Watch Out for ‘Hermit’ Spyware — How Dangerous Is It?

Security research firm Lookout and Google's Threat Analysis Group (TAG), which focuses on tracking and analyzing government-backed hacking and attacks, have recently published research on "Hermit," a spyware that can infiltrate iOS and Android devices.

What Is Hermit Spyware?

According to Lookout and TAG, Kazakhstan and Italy have been affected by the commercial spyware Hermit, which is known to be used by governments. Lookout claims to have discovered the spyware in use across northern Syria as well, according to TechCrunch.

The spyware relies on a variety of modules, which it periodically downloads from its command and control servers. These modules let it gather call records, capture ambient audio, divert phone conversations, and collect images, messages, emails, and the precise location of the victim's device.

9to5Mac reported that sideloading on both platforms allowed the spyware to be distributed outside of the App Store and Google Play.

RCS Lab, an Italian software company, developed this spyware to target iOS and Android users.

Targets of Hermit Spyware

According to 9to5Mac, there is evidence that RCS Lab has been selling the spyware to "government-backed actors," although the exact targets of the Hermit spyware are currently unknown. Although this spyware is not intended for use against everyday users, its existence still greatly threatens the security and privacy of individuals.

How Does Hermit Spyware Get Into Android and iOS Devices?

According to Lookout (via TechCrunch), targeted users are sent a malicious link by text message and misled into downloading and installing the malicious app, which poses as a reputable branded telco or messaging app, from outside the app store.

9to5Mac explained that the process on iOS is a little more difficult but still doable, unlike on Android, which allows any user to install apps from other sources with ease.

RCS Lab delivered its fake program to iOS users as an enterprise app, because Apple grants special certificates to businesses so they can distribute enterprise apps to their employees outside of the App Store. The spyware was disguised as a legitimate messaging or telecom app. As noted by 9to5Mac, Apple does not review enterprise apps, which makes it simpler for such apps to take advantage of iOS security flaws.

According to both companies, the Hermit spyware for Android and iOS was not available in the app stores.

How Did Apple and Google Deal with Hermit Spyware?

TechCrunch reported that Google has updated Google Play Protect to prevent the software from operating and has notified the Android owners of compromised devices. Google also said that it had terminated the spyware's Firebase account, which the spyware had been using to connect to its servers.

On the other hand, 9to5Mac reported that Apple has so far managed to halt the spread of Hermit spyware. According to a company representative, all known accounts and certificates linked to the spyware have been revoked, making it impossible for the dangerous app to be deployed outside of the App Store.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
