According to research published by Google's Threat Analysis Group (TAG), a sophisticated spyware campaign is being helped by internet service providers (ISPs) to trick users into installing malicious apps on their devices. This lends credence to earlier findings by the security research firm Lookout, which connected the malware known as Hermit to the Italian spyware vendor RCS Labs.
Hermit Malware Out to get Android and iOS Users
According to Lookout, RCS Labs is in the same line of business as the notorious surveillance-for-hire firm NSO Group, the company that developed the Pegasus spyware. RCS Labs allegedly sells commercial spyware to a variety of government organizations. Lookout's researchers suspect that Hermit has already been deployed by the government of Kazakhstan and by authorities in Italy. In light of these findings, Google has identified victims in both countries and said it will notify the affected individuals.
What is Hermit Malware?
Hermit is a modular threat that, as described in Lookout's report, can download additional capabilities from a command-and-control (C2) server. These modules give the spyware access to the victim's call logs, location, photos and text messages on the infected device. Hermit can also record audio, make and intercept phone calls, and gain root access on an Android device, giving it complete control over the underlying operating system.
Exploit User Data
The malware can infect both Android devices and iPhones by masquerading as a legitimate source, typically a mobile carrier or messaging app, so that it is installed without the user realising what it is. Researchers in Google's TAG found that some attackers collaborated with ISPs to disable a victim's mobile data connectivity in order to advance the scheme.
The attackers would then impersonate the victim's mobile carrier over SMS and persuade the victim that downloading a malicious application would restore their internet access. When the attackers could not work with an ISP, Google says, they instead disguised the malware as seemingly legitimate chat applications to trick users into installing it.
Let’s Look at What Research Says
According to researchers from Lookout and TAG, applications containing Hermit were never distributed through Google Play or the Apple App Store. On iOS, however, the attackers were able to distribute the malicious apps by enrolling in Apple's Developer Enterprise Program. This let them sidestep the App Store's normal vetting process and obtain a certificate that "satisfies all of the iOS code signing criteria on any iOS devices."
Takeaway
In a statement, Apple said it has since revoked all certificates and accounts associated with the threat. Google, in addition to notifying users affected by the campaign, has pushed an update to Google Play Protect for all users.