Google is notifying Android users targeted by government-grade spyware Hermit – TechCrunch

Security researchers at Lookout recently tied a previously unattributed Android mobile spyware, dubbed Hermit, to Italian software house RCS Lab. Now, Google threat researchers have confirmed many of Lookout’s findings and are notifying Android users whose devices have been compromised by the spyware.

Hermit is a commercial spyware used by governments, with victims in Kazakhstan and Italy, according to Lookout and Google. Lookout said it has also seen the spyware deployed in northern Syria. The spyware uses various modules, which it downloads from its command and control servers as needed, to collect call logs, record ambient audio, redirect phone calls and collect photos, messages, emails, and the exact device location from the victim’s device. Lookout said in its analysis that Hermit, which works on all Android versions, also attempts to root an infected Android device, granting the spyware deeper access to the victim’s data.

Lookout says targeted victims received a malicious link by text message and were tricked into downloading and installing the malicious app, which masquerades as a legitimately branded messaging or telecommunications app, from outside the app store.

According to a new blog post published Thursday and shared with TechCrunch ahead of publication, Google says it has found evidence that in some cases, the government actors in control of the spyware worked with the target’s internet provider to cut off their mobile data connection, possibly as a lure to trick the target into downloading a telecom-themed app under the guise of restoring the connection.

Google also analyzed a sample of the Hermit spyware targeting iPhones, which Lookout said it was previously unable to obtain. As discovered by Google, the Hermit iOS app, which abuses Apple’s enterprise developer certificates to allow the spyware to be transferred to a victim’s device from outside the app store, is packaged with six different exploits, two of which were previously unseen vulnerabilities, or zero-days, at the time of their discovery. One of the zero-day vulnerabilities was known to Apple to be actively exploited before it was fixed.

Neither the Android nor the iOS version of the Hermit spyware was found in app stores, according to both companies. Google says it has “notified Android users about infected devices” and has updated Google Play Protect, the built-in app security scanner for Android, to block the app from running. Google said it also pulled the plug on the spyware’s Firebase account, which the spyware used to communicate with its servers.

Google did not say how many Android users it notified.

When asked by TechCrunch whether Apple would deactivate the enterprise certificate used to sign the iOS version of the spyware, which would render the spyware inoperable, an Apple spokesperson did not comment.

Hermit is the latest government-grade spyware deployed by state agencies. While it is not known who has been targeted by the governments using Hermit, similar mobile spyware developed by hacking-for-hire companies, such as NSO Group and Candiru, has been linked to the surveillance of journalists, activists and human rights defenders.

When reached for comment, RCS Lab issued an unattributed statement, which read: “RCS Lab exports its products in compliance with both national and European rules and regulations. All sales or product deployment activities are carried out only after receiving official permission from the competent authorities. Our products are delivered and installed in the approved customer premises. RCS Lab staff may not interact with, nor participate in, any activities conducted by the relevant clients.”

You can reach this reporter on Signal and WhatsApp at +1 646-755-8849 or by email.
