Date: 2022-06-28



What you need to know

Google security researchers say that some Internet service providers are helping attackers spread spyware campaigns.

“Hermit” spyware targets Android and iOS users in Italy and Kazakhstan through malicious downloads.

Play store.

A few weeks ago, endpoint security vendor Lookout published findings on a spyware campaign allegedly used by the government to steal sensitive data from users in Kazakhstan and Italy. Google backed up the report and warned Android users about “Hermit” spyware.

According to Google’s Threat Analysis Group (TAG), the government has worked with Internet service providers (ISPs) in various countries to spread spyware. It is believed that this malware can infect both Android and iOS devices.

Hermit is designed to lure unsuspecting users into downloading malicious apps. This happens after the ISP has worked with the attacker to turn off the victim’s data connection and send an SMS claiming that the connection will only be restored if the app is downloaded.

If this tactic fails, attackers disguise the spyware as legitimate services, such as mobile operator and messaging apps. Once installed on a mobile device, Hermit downloads modules from command-and-control servers to gain additional functionality.

This gives Hermit access to the user’s call logs, locations, photos and text messages. The spyware can also record voice, redirect calls, and root Android devices, giving an attacker complete control.

Lookout has associated this threat with Italian software vendor RCS Labs. That said, the company claims on its website to provide technical support only to government agencies in lawful intercept efforts.

However, Lookout describes the Italy-based software company as similar to NSO Group, known for its Pegasus spyware. That program may sound familiar, as it is used to spy on activists, journalists and politicians through remote zero-click smartphone surveillance.

RCS Labs did not immediately respond to Android Central’s request for comment. But it told TechCrunch that the company’s products comply with “both domestic and European rules and regulations.”

“Product sales or implementation will only take place after formal approval from the competent authority,” the company said. “Our products are delivered and installed on the premises of authorized customers.”

Lookout researchers have identified victims in Italy, Kazakhstan, and northern Syria. Google did not identify the number of affected people, but it promised to notify users in these countries.

Both Lookout and Google’s TAG claim that Hermit-infected apps have never reached the Google Play Store or the Apple App Store. The search giant has also released a new Google Play Protect update to enhance the security of all Android phones.

