Not Pegasus, this new spyware now being used by governments to target high-profile people
Cyber-security researchers have found a new Android spyware called Hermit that is reportedly being used by the governments to target high-profile officials. The list of high-profile people includes business executives, human rights activists, journalists, academics and government officials.
According to reports, the spyware is installed in the target’s system via a SMS. As per security researchers Lookout, the spyware was first spotted in Kazakhstan then cases from Syria and Italy were also reported a couple of days later.
The researchers in a blog post that based on their analysis, the spyware, which was named ‘Hermit’ is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company that they suspect to be operating as a front company.
As per security researchers Lookout, Hermit was first spotted in Kazakhstan in April. Reports said that it was spotted months after the Kazakh government suppressed protests against government policies. The spyware was also used to target high profile people in northeastern Kurdish region of Syria and Italy as part of anti-corruption investigation. This malware is claimed to be able to run on all Android versions.
TechCrunch reported that Lookout researcher Paul Shunk told that “Hermit checks the Android version of the device running the app at various times in order to adapt its behavior to the version of the operating system, it stands out from other app-based spyware.”
The spyware is spreading malicious Android apps through text messages that the user is tricked into believing that the message is coming from a legitimate source, said researchers. The malicious apps impersonates apps from telecoms companies and smartphone brands like Samsung and Oppo. The Android users are currently being targeted with the Spyware, Lookout said that it was unable to spot an iOS spyware of similar nature.
“We theorize that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analyzed impersonated the applications of telecommunications companies or smartphone manufacturers,” the researchers blog read. It also added that “Hermit tricks users by serving up the legitimate webpages of the brands it impersonates as it kickstarts malicious activities in the background.”
Like Pegasus, the Hermit spyware can also record calls, see text message, transmit call logs and do more things without the knowledge of the user.