Governments are now using the new Android spyware ‘Hermit’ instead of Pegasus
Researchers discovered a new enterprise-grade Android spyware called ‘Hermit,’ which is being used by governments to target high-profile individuals such as business executives, human rights activists, journalists, academics, and government officials via SMS messages.
In April, a team from cyber-security firm Lookout Threat Lab discovered the government of Kazakhstan’s ‘surveillanceware,’ four months after widespread rallies against government policies were violently quashed.
“Based on our analysis, the spyware, which we named ‘Hermit,’ is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company we suspect to be operating as a front company,” the researchers wrote in a blog post.
This isn’t the first time Hermit has been used.
It was used by Italian authorities in an anti-corruption operation in 2019.
“We also found evidence suggesting that an unknown actor used it in northeastern Syria, a predominantly Kurdish region that has been the setting of numerous regional conflicts,” the team said.
RCS Lab, a well-known developer with over three decades of experience, competes in the same market as Pegasus developer NSO Group Technologies and FinFisher creator Gamma Group.
In Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar, and Turkmenistan, RCS Lab has worked with military and intelligence agencies.
These firms, collectively known as “lawful intercept” firms, claim to sell only to customers who have a legal need for surveillanceware, such as intelligence and law enforcement agencies.
“In reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials,” the researchers cautioned.
Hermit is modular spyware that hides its malicious capabilities in packages that are downloaded after it has been installed.
These modules, combined with the permissions granted to the core programmes, allow Hermit to take advantage of a rooted device, record audio, make and redirect phone calls, and gather data such as call logs, contacts, photographs, device location, and SMS messages.
“We theorise that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analysed impersonated the applications of telecommunications companies or smartphone manufacturers,” the Lookout team said.
Hermit deceives consumers by posing as legitimate websites for the brands it impersonates while running harmful code in the background.
The researchers are also aware of an iOS version of Hermit, but “weren’t able to secure a sample for study.”
RCS Lab was a reseller for another Italian spyware outfit, HackingTeam, now known as Memento Labs, as early as 2012, according to leaked documents published by WikiLeaks.
The malware also tries to preserve the integrity of the evidence it collects by providing a hash-based message authentication code (HMAC).
“Electronic surveillance technologies are similar to any other sort of armament in some ways. Shalev Hulio, the CEO of the NSO Group, recently opened up the potential of selling to ‘risky’ clients due to financial pressures,” according to the researchers.
The Israeli cyber firm NSO Group created Pegasus, which can be installed secretly on mobile phones and other devices.
It is capable of reading text messages, tracking calls, collecting passwords, tracking positions, accessing the microphone and camera on the target device, and harvesting data from apps.
The software has been used to monitor activists, journalists, and political leaders from a number of countries, including India.
Last month, the Supreme Court-appointed technical committee notified the court that the Pegasus probe report would be submitted soon.
The highest court was informed that 29 mobile devices had been reviewed by the committee.
The Supreme Court granted the technical committee more time to complete and submit its report.