New Delhi: Cyber-security researchers have unearthed a new enterprise-grade Android spyware named ‘Hermit’, which is being used by governments to target high-profile people such as business executives, human rights activists, journalists, academics and government officials through SMS messages.
A team at cyber-security company Lookout Threat Lab uncovered ‘surveillanceware’ used by Kazakhstan’s government in April, four months after nationwide protests against government policies were violently suppressed.
“Based on our analysis, the spyware, which we named ‘Hermit’, is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company, which we suspect is operating as a leading company,” the researchers said in a blog post.
This is not the first time Hermit has been deployed.
Italian authorities used it in an anti-corruption campaign in 2019.
“We also found evidence that an unidentified actor used it in northeastern Syria, a predominantly Kurdish region that has been the cause of several regional conflicts,” the team said.
RCS Lab, a known developer active for more than three decades, operates in the same market as Pegasus developer NSO Group Technologies and Gamma Group, which created FinFisher.
RCS Lab has worked with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan.
Collectively branded as “legitimate interception” companies, they claim to sell only to customers with legitimate uses for surveillance, such as intelligence and law enforcement agencies.
In fact, under the guise of national security, such tools are often misused to spy on business executives, human rights activists, journalists, academics and government officials, warn the researchers.
Hermit is a modular spyware that hides its malicious capabilities in packages that are downloaded after it is deployed.
These modules, together with the permissions of the core apps, enable Hermit to exploit rooted devices, record audio, and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.
The Lookout team said, “We believe that the spyware is distributed through SMS messages pretending to be from a legitimate source. The malware samples analyzed impersonate applications from telecommunications companies or smartphone makers.”
Hermit deceives users by serving the legitimate webpages of the brands it impersonates while it kickstarts malicious activities in the background.
The researchers said they are also aware of an iOS version of Hermit “but were unable to obtain a sample for analysis”.
According to leaked documents published on WikiLeaks, RCS Lab was a reseller for another Italian spyware vendor, Hacking Team, now known as Memento Labs, in early 2012.
Hermit is a highly configurable spyware with enterprise-grade capabilities to collect and transmit data.
The spyware also attempts to maintain the data integrity of the collected evidence by sending a hash-based message authentication code (HMAC).
“In a sense, electronic surveillance devices are no different from any other type of weapon. This month, faced with financial pressure, the CEO of NSO Group, Shalev Hulio, opened up the possibility of selling to ‘risky’ customers,” the researchers said.
Pegasus, developed by Israeli cyber company NSO Group, can be secretly installed on mobile phones and other devices.
It was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and accessing information from apps.
The spyware has been used to monitor activists, journalists and political leaders in many countries around the world, including India.
The Supreme Court-appointed technical committee had last month informed the court that it would soon submit the Pegasus investigation report.
The committee informed the apex court that 29 mobile devices have been checked.
The Supreme Court gave more time to the technical committee to finalize and submit its report.