Google Warns Spyware Being Deployed Against Android, iOS Users
2022-06-24 11:02

Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls.

In a blog post published Thursday, Google Threat Analysis Group (TAG) researchers Benoit Sevens and Clement Lecigne revealed details about campaigns that send targets a unique link to fake apps impersonating legitimate ones, in an attempt to get them to download and install the spyware.

Once the link is clicked, victims are redirected to a web page for downloading and installing a surveillance app on either Android or iOS. "The page, in Italian, asks the user to install one of these applications in order to recover their account," with WhatsApp download links specifically pointing to attacker-controlled content for Android or iOS users, researchers wrote.

In a separate blog post, Ian Beer of Google Project Zero outlined a case in which researchers discovered what appeared to be an iOS app from Vodafone but was in fact a fake app.

While Lookout previously shared details of how Hermit works when targeting Android devices, Google TAG revealed specifics of how the spyware functions on iPhones.

The emergence of Hermit spyware shows how threat actors, often working as state-sponsored entities, are pivoting to using new surveillance technologies and tactics following the blow-up over repressive regimes' use of Israel-based NSO Group's Pegasus spyware in cyberattacks against dissidents, activists and NGOs, as well as the murders of journalists.


News URL

https://threatpost.com/google-hermit-spyware-android-ios/180062/

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Google | 141 | 994 | 4849 | 2754 | 1634 | 10231 |
| Android | 4 | 0 | 17 | 2 | 0 | 19 |