Friday, May 24, 2024

Pegasus Is Passe, Hermit New Spyware Used By Governments


Remember the Pegasus spyware controversy that shook the world? Well, Pegasus is no longer the latest spyware and the plot has thickened. ‘Hermit’, a new enterprise-grade Android spyware, is being used by governments via SMS messages to target high-profile people. These people may include business executives, human rights activists, journalists, academics and government officials.

New ‘surveillance-ware’ on the prowl

Cyber-security company Lookout Threat Lab discovered that the new ‘surveillance-ware’ was used by the government of Kazakhstan in April. This was four months after nationwide protests against the Kazakh government’s policies were suppressed by the use of violence.

Lookout Threat Lab researchers in a blog post wrote that, “Based on our analysis, the spyware, which we named ‘Hermit’ is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company we suspect to be operating as a front company.”

“We also found evidence suggesting that an unknown actor used it in northeastern Syria, a predominantly Kurdish region that has been the setting of numerous regional conflicts,” the researchers said.

When was Hermit first deployed?

The first time Hermit was deployed was in an anti-corruption operation by the Italian authorities in 2019.

Pegasus developer NSO Group Technologies and Gamma Group, which created FinFisher, operate in the same market as the creators of ‘Hermit’, RCS Lab. The company has been a known developer for over three decades.

Who uses Hermit?

The governments, military and intelligence agencies of Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan have all engaged or contracted RCS Lab for various tasks. RCS Lab is branded as a “lawful intercept” company and claims it only provides its spyware to intelligence and law enforcement agencies that have a legitimate need for it.

Despite this, researchers warned that, “In reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials.”

How does Hermit work?

A modular spyware, ‘Hermit’ hides its malicious capabilities in packages downloaded after it’s deployed. These modules help Hermit to exploit a rooted device, record audio and make and redirect phone calls. The spyware can also collect data such as call logs, contacts, photos, device location and SMS messages.

Lookout Threat Lab researchers insist that, “We theorise that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analysed impersonated the applications of telecommunications companies or smartphone manufacturers.”

Hermit confuses users by serving up the legitimate webpages of the brands it copies as it starts its malicious activities in the background. Researchers say an iOS version of the spyware is also available, but they have not been able to get their hands on it for analysis.

WikiLeaks had revealed that RCS Lab was a reseller for another Italian spyware vendor, HackingTeam, which is now known as Memento Labs.

It must be remembered that Pegasus software, which was used for surveillance of activists, journalists and political leaders from several nations around the world, was developed by the Israeli cyber company NSO Group.
