Security researchers have discovered a mobile spyware that is used by various governments. Read on to know more about it…
Cybersecurity researchers discovered a new enterprise-grade Android spyware known as ‘Hermit,’ which is being used by governments to target high-profile individuals such as business executives, human rights activists, journalists, academics, and government officials via SMS messages.
In April, a team from cybersecurity firm Lookout Threat Lab discovered the government of Kazakhstan’s ‘surveillanceware,’ four months after widespread rallies against government policies were violently quashed.
The researchers said in a blog post, “Based on our analysis, the spyware, which we named ‘Hermit,’ is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company we suspect to be operating as a front company.”
This isn’t the first time Hermit has been deployed by governments around the world. In 2019, the spyware was used by Italian authorities in an anti-corruption operation.
The team noted, “We also found evidence suggesting that an unknown actor used it in northeastern Syria, a predominantly Kurdish region that has been the setting of numerous regional conflicts.”
RCS Lab, a known developer with over three decades of experience, competes in the same market as Pegasus developer NSO Group Technologies and FinFisher creator Gamma Group.
RCS Lab has worked with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar, and Turkmenistan.
Collectively known as “lawful intercept” firms, companies like RCS Lab claim to sell only to customers who have a legitimate need for surveillanceware, such as intelligence and law enforcement agencies.
The researchers warned, “In reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials.”
Working Mechanism
Hermit is a modular spyware that hides its malicious capabilities in packages that are downloaded after it has been deployed.
These modules, combined with the permissions granted to the core apps, allow Hermit to take advantage of a rooted device, record audio, make and redirect phone calls, and collect data such as call logs, contacts, photographs, device location, and SMS messages.
The Lookout team said, “We theorise that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analysed impersonated the applications of telecommunications companies or smartphone manufacturers.”
Hermit deceives users by posing as legitimate websites of the brands it impersonates while running malicious code in the background.
The researchers stated that they are also aware of an iOS version of Hermit, “but were unable to obtain a sample for analysis”.
RCS Lab was a reseller for another Italian spyware vendor, HackingTeam, now known as Memento Labs, as early as 2012, according to leaked documents provided by WikiLeaks.
Hermit is a highly configurable spyware with enterprise-level data collection and transmission capabilities.
By sending a Hash-based Message Authentication Code (HMAC), the spyware also tries to maintain the data integrity of the evidence it collects.
The researchers said, “In a sense, electronic surveillance tools are not that different from any other type of weaponry. Just this month, faced with financial pressure, CEO of the NSO group Shalev Hulio opened up the possibility of selling to ‘risky’ clients.”
Fallout of Weaponized Spyware
The Israeli cyber firm NSO Group created Pegasus, which can be installed secretly on mobile phones and other devices. It was capable of reading text messages, tracking calls, collecting passwords, tracking position, accessing the microphone and camera of the target device, and harvesting data from apps.
The spyware has been used for surveillance of activists, journalists, and political leaders from a number of countries, including India.
Last month, the Supreme Court-appointed technical committee informed the Indian Supreme Court that the Pegasus probe report would be submitted soon. The committee informed the Supreme Court of India that 29 mobile devices had been examined.