The Milan-based RCS Lab developed this tool.
Spy on iPhones and Android Smartphones
Google said that the hacking tools of an Italian company were utilized to spy on iPhones and Android smartphones. The company claimed that European law enforcement agencies are its clients.
Both European and American regulators are considering potential new rules over the import of this spyware or its sale.
Apple has already revoked known accounts and certificates related to this hacking campaign. The Italian company has already said that its products comply with the rules and assist law enforcement in investigating crimes.
RCS Lab also denied its participation in activities conducted by its relevant customers. Google has already taken steps in protecting users of its operating system. It has already alerted them about the Italian spyware.
How Does the Spyware Work?
The spyware, known as Hermit, uses different modules that it downloads from its servers to collect call logs, redirect phone calls and gather photos, emails, and messages from the victim’s device. The spyware works on all Android and iPhone versions. It tries to root an infected device, which gives it more access to the user’s data.
Victims receive a malicious link by text message. The message tricks them into downloading and installing a malicious app from outside the app store.
Google said in a blog post:
“Once clicked, the page attempted to get the user to download and install a malicious application on either Android or iOS. In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications. When ISP involvement is not possible, applications are masqueraded as messaging applications.”
The spyware was not found in the app stores of Apple and Google. However, Google has already notified users of infected devices. It has also updated Play Protect to block the spy tool from running. It also pulled the plug on the spy tool’s Firebase account, which the tool used to communicate with its servers.
This is the latest spyware known to be deployed by state agencies. It’s not known who has been targeted by this tool. But similar spyware has been developed to surveil journalists, human rights defenders, and activists.
Hermit and other surveillance apps can benefit from and reuse research from the jailbreaking community. Most of the exploits are derived from public jailbreak exploits. The vendors aren’t relying only on comprehensive exploits; they are also using social engineering attacks to entice victims.
This spyware is similar to Pegasus. Hermit is not as stealthy as Pegasus but it can still view passwords and read messages.
The spyware industry is thriving. Unfortunately, it’s growing at a significant rate.
“Tackling the harmful practices of the commercial surveillance industry will require a robust, comprehensive approach that includes cooperation among threat intelligence teams, network defenders, academic researchers, governments and technology platforms. We look forward to continuing our work in this space and advancing the safety and security of our users around the world.” –Google