Hermit (spyware)

Hermit
Developer(s)	RCS Lab
Operating system	iOS, Android
Type	spyware
Website	www.rcslab.it

Hermit is spyware developed by the Italian commercial spyware vendor RCS Lab that can be covertly installed on mobile phones running iOS and Android.^[1]^[2]^[3] The use of the software was publicized by Google's Threat Analysis Group (TAG) on June 23, 2022, and previously disclosed by the security research group Lookout.

Details[edit]

According to Lookout, RCS Lab is in the same business as NSO Group, which gained notoriety for its Pegasus spyware, and sells spyware to government agencies. Lookout believes Hermit has been deployed by the governments of Kazakhstan and Italy. Similar to Pegasus, Hermit is capable of tracking calls, location tracking, reading text messages, accessing photos, recording audio, making and intercepting phone calls, and could gain root on Android devices.^[1]^[4] Some attackers would pose as the victim's mobile carrier, sometimes with the carrier's assistance, to trick the victim into downloading an app that would deliver the payload. Another vector used was posing as a legitimate messaging app. While apps containing the spyware were not made available on the iOS app store or Google Play store, malicious actors were able to obtain certificates allowing installation on any iOS device through Apple's Developer Enterprise Program.^[1]^[3] Once Hermit was publicized, Apple said they revoked certificates related to it, and Google said they pushed Google Play Protect updates to all users.

References[edit]

^ ^a ^b ^c Emma Roth (June 25, 2022). "Google says attackers worked with ISPs to deploy Hermit spyware on Android and iOS". The Verge.
^ Chance Townsend (June 25, 2022). "Google warns of 'hermit spyware' infecting Android and iOS devices". Mashable.
^ ^a ^b Benoit Sevens; Clement Lecigne (June 23, 2022). "Spyware vendor targets users in Italy and Kazakhstan".
^ Justin Albrecht; Paul Shunk (June 16, 2022). "Lookout Uncovers Android Spyware Deployed in Kazakhstan".

External links[edit]

[theverge-1] Emma Roth (June 25, 2022). "Google says attackers worked with ISPs to deploy Hermit spyware on Android and iOS". The Verge.

[mashable-2] Chance Townsend (June 25, 2022). "Google warns of 'hermit spyware' infecting Android and iOS devices". Mashable.

[google-tag-3] Benoit Sevens; Clement Lecigne (June 23, 2022). "Spyware vendor targets users in Italy and Kazakhstan".

[lookout-4] Justin Albrecht; Paul Shunk (June 16, 2022). "Lookout Uncovers Android Spyware Deployed in Kazakhstan".

[1]

[2]

[3]

[4]

Details[edit]

See also[edit]

References[edit]

External links[edit]