Security News > 2022 > June > Researchers Uncover 'Hermit' Android Spyware Used in Kazakhstan, Syria, and Italy
An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed.
Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.
Hermit is modular and comes with myriad capabilities that allow it to "Exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages," Lookout researchers Justin Albrecht and Paul Shunk said in a new write-up.
Google's Threat Analysis Group disclosed that at least government-backed actors located in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia are buying Android zero-day exploits for covert surveillance campaigns.
"RCS Lab, a known developer that has been active for over three decades, operates in the same market as Pegasus developer NSO Group Technologies and Gamma Group, which created FinFisher," the researchers noted.
The findings come as the Israel-based NSO Group is said to be reportedly in talks to sell off its Pegasus technology to U.S. defense contractor L3Harris, the company that manufactures StingRay cellular phone trackers, prompting concerns that it could open the door for law enforcement's use of the controversial hacking tool.
News URL
https://thehackernews.com/2022/06/researchers-uncover-hermit-android.html
Related news
- New EagleMsgSpy Android spyware used by Chinese police, researchers say (source)
- Why Italy Sells So Much Spyware (source)
- New Android spyware found on phone seized by Russian FSB (source)
- Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (source)
- Russian cyberspies target Android users with new spyware (source)
- Russian cyberspies target Android users with new spyware (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)