New spyware has been discovered on iOS and Android. The application is capable of stealing personal data stored on a phone and reportedly benefited from the cooperation of certain authoritarian governments for its deployment.
The web is a dangerous place, especially when surfing on mobile. Google’s cybersecurity engineers have discovered a new piece of spyware capable of infecting Android and iOS phones. Nicknamed Hermit, this piece of malicious code is capable of recording audio calls, reading messages, or leaking your GPS position.
Posing as a legitimate app
Do not panic: according to researchers from Google and Lookout, the software is specifically designed to hit targets in Kazakhstan, Syria and Italy. But the capabilities of this spyware, as well as how it works, make it a perfect example of the dangers of modern digital espionage.
Hermit appears to have been developed by an Italian company (based in Milan, to be exact) called RCS Lab. The company, which has been known for many years, has already partnered with intelligence services in Pakistan, Chile or Vietnam to secretly gather information about populations. It is therefore not the first time that the company has worked with more or less authoritarian regimes. Hermit’s methods of infection also suggest that some of the attacks were carried out with the blessing of those in power.
Hermit infects Android and iOS mobiles by pretending to be a legitimate application from a secure source, while the application in fact takes advantage of several security flaws to siphon off personal data. It relies on the ability to install applications from sources other than the Apple and Google stores to infect the targeted mobiles. In less discreet cases, a link claiming to help the victim recover their suspended Facebook or WhatsApp account actually pointed to the malicious application. Or rather to an official application, but laced with chunks of malicious code.
Collaboration with local ISPs
And in some cases, RCS Lab was reportedly even more cunning. According to security researchers from Lookout and Google, the company worked with some local operators to deploy its spyware. Some victims saw their mobile Internet access interrupted by their access provider before receiving a message prompting them to download an application that would supposedly resolve the issue. Clearly, the application that restored 4G access also planted a number of small eavesdropping tools on the victims’ phones.
Cooperation with certain operators therefore suggests that government agencies may be responsible. This would not be the first time this has happened, as the Italian authorities reportedly also used it in 2021 as part of an anti-corruption investigation. Google said it warned affected users, and Apple said it was taking steps to protect its iPhones. RCS Lab, for its part, swears that it “exports its products in accordance with national and European rules and regulations after receiving official authorization from the competent authorities”.
The case is reminiscent of the NSO Group and its infamous Pegasus spyware, which has also been used by several governments around the world. As far as Google is concerned, “The commercial spyware industry is booming and growing at a significant rate. This situation should concern all internet users.” In the meantime, do not install any application offered to you on the web.