TechCrunch: Google is notifying Android users targeted by Hermit 
government-grade spyware.
https://techcrunch.com/2022/06/23/hermit-zero-day-android-spyware/

Security researchers at Lookout recently tied a previously unattributed Android 
mobile spyware, dubbed Hermit, to Italian software house RCS Lab. Now, Google 
threat researchers have confirmed much of Lookout’s findings and are notifying 
Android users whose devices were compromised by the spyware.

Hermit is a commercial spyware known to be used by governments, with victims in 
Kazakhstan and Italy, according to Lookout and Google. Lookout says it’s also 
seen the spyware deployed in northern Syria. The spyware uses various modules, 
which it downloads from its command and control servers as they are needed, to 
collect call logs, record ambient audio, redirect phone calls and collect 
photos, messages, emails and the device’s precise location from a victim’s 
device. Lookout said in its analysis that Hermit, which works on all Android 
versions, also tries to root an infected Android device, granting the spyware 
even deeper access to the victim’s data.

Lookout said that targeted victims are sent a malicious link by text message 
and tricked into downloading and installing the malicious app — which 
masquerades as a legitimate branded telco or messaging app — from outside of 
the app store.

According to a new blog post published Thursday and shared with TechCrunch 
ahead of its publication, Google said it found evidence that in some cases the 
government actors in control of the spyware worked with the target’s internet 
provider to cut their mobile data connectivity, likely as a lure to trick the 
target into downloading a telco-themed app under the guise of restoring 
connectivity.
