Hermit can take advantage of rooted devices, record audio, initiate and reroute phone calls, and gather information, to name just a few of its capabilities. It's time to forget Pegasus: the new spyware ‘Hermit’ is now being used by governments.
Cyber-security experts have discovered a new enterprise-grade Android spyware named “Hermit,” which authorities are using, via SMS messages, to target high-profile individuals including business leaders, human rights activists, journalists, academics, and government officials.
In April, four months after widespread rallies against government policies had been forcibly suppressed, experts at cyber-security firm Lookout Threat Lab discovered the “surveillanceware” that the government of Kazakhstan had been using, reports Deccan Herald.
“Based on our analysis, the spyware, which we named ‘Hermit’ is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company we suspect to be operating as a front company,” the researchers said in a blog post.
Hermit is not being used for the first time.
In 2019, Italian authorities employed it in an anti-corruption operation.
“We also found evidence suggesting that an unknown actor used it in northeastern Syria, a predominantly Kurdish region that has been the setting of numerous regional conflicts,” the team explained.
RCS Lab, a well-known developer with over three decades of experience, competes in the same industry as Pegasus developer NSO Group Technologies and Gamma Group, which developed FinFisher.
RCS Lab has collaborated with military and intelligence organizations in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar, and Turkmenistan.
These vendors claim to supply only clients with legitimate uses for surveillanceware, such as intelligence and law enforcement organizations, and are collectively labeled “lawful intercept” enterprises.
“In reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials,” the researchers warned.
Hermit is modular spyware that conceals its malicious features in files downloaded after it has been installed.
These modules, together with the permissions held by the core programs, allow Hermit to take advantage of rooted devices, record audio, initiate and reroute phone calls, and gather information including call logs, contacts, images, the position of the device, and SMS messages.
“We theorise that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analysed impersonated the applications of telecommunications companies or smartphone manufacturers,” said the Lookout team.
Hermit deceives users by presenting the official websites of the brands it impersonates while simultaneously launching malicious operations in the background.
The researchers acknowledged that Hermit has an iOS version, “but were unable to obtain a sample for analysis.”
WikiLeaks-published documents reveal that as early as 2012, RCS Lab served as a reseller for the Italian spyware company HackingTeam, which is now branded as Memento Labs.
Hermit is a highly customizable spyware with advanced data collection and transmission capabilities.
The spyware also attempts to safeguard the integrity of the evidence it has acquired by sending a hash-based message authentication code (HMAC).
“In a sense, electronic surveillance tools are not that different from any other type of weaponry. Just this month, faced with financial pressure, CEO of the NSO group Shalev Hulio opened up the possibility of selling to ‘risky’ clients,” said the researchers.
The Israeli cyber firm NSO Group created Pegasus, which can be secretly installed on mobile phones and various devices.
It has the ability to read text messages, monitor calls, gather passwords, track locations, access the microphone and camera on the targeted system, and gather data from apps.
In numerous countries around the world, including India, the spyware has been used to monitor activists, journalists, and political figures.
The Pegasus probe report will soon be submitted, the Supreme Court-appointed technical committee informed the court last month.
The committee informed the Supreme Court that 29 mobile devices were inspected.
The technical committee was given more time by the Supreme Court to complete and submit its findings.