Cyber-security researchers last week unearthed `Hermit` that is being used by the governments via SMS messages to target high-profile people like business executives, human rights activists, journalists, academics and government officials, an IANS report said.

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

Hermit tricks users by serving up the legitimate webpages of the brands it impersonates as it kickstarts malicious activities in the background, this report said.

Hermit is a modular spyware that hides its malicious capabilities in packages downloaded after it is deployed. These modules, along with the permissions the core apps have, enables Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages, according to the IANS report.

The Lookout researchers also uncovered the 'surveillanceware' that was used by the government of Kazakhstan, the IANS report said.

Google said late on Thursday that the government-backed bad actors "worked with the target`s ISP (internet service provider) to disable the target's mobile data connectivity," the report further said.

Subsequently, When ISP involvement is not possible, applications are masqueraded as messaging applications.

See Zee Business Live TV Streaming Below:

"Based on our analysis, the spyware, which we named `Hermit` is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company we suspect to be operating as a front company," the researchers from cyber-security company Lookout Threat Lab said in a blog post.

Italian spyware vendor RCS Lab, a known developer that has been active for over three decades, operates in the same market as Pegasus developer NSO Group, this report said.

RCS Lab has engaged with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan, the report added.

The blog post further added that, "Google has been tracking the activities of commercial spyware vendors for years, and taking steps to protect people. Just last week, Google testified at the EU Parliamentary hearing on “Big Tech and Spyware” about the work we have done to monitor and disrupt this thriving industry."  

"Seven of the nine zero-day vulnerabilities our Threat Analysis Group discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors," the blog post added.

Apart from the Android version, The TAG researchers said that they are also aware of an iOS version of Hermit "but were unable to obtain a sample for analysis".

The TAG also said that their findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploit