: Google warns high-profile Android victims of spyware Hermit #IndiaNEWS #News New Delhi: Google has found strong evidence that enterprise-grade Android spyware called Hermit is being used via SMS messages

Google warns high-profile Android victims of spyware Hermit #IndiaNEWS #News
New Delhi: Google has found strong evidence that enterprise-grade Android spyware called Hermit is being used via SMS messages to target high-profile Android users.
The tech giant has warned all Android victims and implemented changes in Google Play Protect.
Cyber-security researchers last week unearthed Hermit that is being used by the governments via SMS messages to target high-profile people like business executives, human rights activists, journalists, academics and government officials.
Based on our analysis, the spyware, which we named Hermit is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company we suspect to be operating as a front company, the researchers from cyber-security company Lookout Threat Lab had said in a blog post.
Lookout researchers uncovered the surveillanceware that was used by the government of Kazakhstan.
Google said late on Thursday that the government-backed bad actors worked with the targets ISP (internet service provider) to disable the targets mobile data connectivity.
Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications, Googles Threat Analysis Group (TAG) warned.
When ISP involvement is not possible, applications are masqueraded as messaging applications.
Google has been tracking the activities of commercial spyware vendors for years, and taking steps to protect people.
Last week, the company testified at the EU Parliamentary hearing on Big Tech and Spyware.
TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.
Italian spyware vendor RCS Lab, a known developer that has been active for over three decades, operates in the same market as Pegasus developer NSO Group.
RCS Lab has engaged with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan.
Hermit is a modular spyware that hides its malicious capabilities in packages downloaded after its deployed.
These modules, along with the permissions the core apps have, enable Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.
Hermit tricks users by serving up the legitimate webpages of the brands it impersonates as it kickstarts malicious activities in the background.
The researchers said they are also aware of an iOS version of Hermit but were unable to obtain a sample for analysis.