Security News > 2022 > June > Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

A week after it emerged that sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices.

Necessary changes have been implemented in Google Play Protect - Android's built-in malware defense service - to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Analysis Group said in a Thursday report.

Once the threat has thoroughly insinuated itself into a device, it's also equipped to record audio and make and redirect phone calls, in addition to abusing its permissions to accessibility services to keep tabs on the foreground apps used by the victims.

To compromise iOS users, the adversary is said to have relied on provisioning profiles that allow fake carrier-branded apps to be sideloaded onto the devices without the need for them to be available on the App Store.

"As the curve slowly shifts towards memory corruption exploitation getting more expensive, attackers are likely shifting too," Google Project Zero's Ian Beer said in a deep-dive analysis of an iOS artifact that impersonated the My Vodafone carrier app.

What's more, Google TAG raised concerns that vendors like RCS Lab are "Stockpiling zero-day vulnerabilities in secret" and cautioned that this poses severe risks considering a number of spyware vendors have been compromised over the past ten years, "Raising the specter that their stockpiles can be released publicly without warning."

News URL

https://thehackernews.com/2022/06/google-says-isps-helped-attackers.html