Security News > 2022 > June > Google Warns Spyware Being Deployed Against Android, iOS Users

Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls.
Researchers from Google Threat Analysis Group revealed details in a blog post Thursday by TAG researchers Benoit Sevens and Clement Lecigne about campaigns that send a unique link to targets to fake apps impersonating legitimate ones to try to get them to download and install the spyware.
Once clicked, victims are redirected to a web page for downloading and installing a surveillance app on either Android or iOS. "The page, in Italian, asks the user to install one of these applications in order to recover their account," with WhatsApp download links specifically pointing to attacker-controlled content for Android or iOS users, researchers wrote.
Researchers outlined in a separate blog post by Ian Beer of Google Project Zero a case in which they discovered what appeared to be an iOS app from Vodafone but which in fact is a fake app.
While Lookout previously shared details of how Hermit targeting Android devices works, Google TAG revealed specifics of how the spyware functions on iPhones.
The emergence of Hermit spyware shows how threat actors-often working as state-sponsored entities-are pivoting to using new surveillance technologies and tactics following the blow-up over repressive regimes' use of Israel-based NSO Group's Pegasus spyware in cyberattacks against dissidents, activists and NGOs, as well as the murders of journalists.
News URL
https://threatpost.com/google-hermit-spyware-android-ios/180062/
Related news
- New North Korean Android spyware slips onto Google Play (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- How Google tracks Android device users before they've even opened an app (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google expands Android AI scam detection to more Pixel devices (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Google Gemini's Astra (screen sharing) rolls out on Android for some users (source)