Google details new commercial spyware 'Hermit' targeting Android and iOS; iOS version has 6 exploits including 2 zero-days



Google and its security team, Project Zero, have published a detailed report on 'Hermit', commercial spyware targeting Android and iOS. Hermit records audio around the infected device and collects photos, messages, emails, call history and precise location information from the device.

Spyware vendor targets users in Italy and Kazakhstan
https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/

Project Zero
https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html

Google is notifying Android users targeted by Hermit government-grade spyware | TechCrunch
https://techcrunch.com/2022/06/23/hermit-zero-day-android-spyware/

Hermit was discovered by a researcher at Lookout, a developer of security apps for smartphones, who reported in June 2022 that 'spyware is spreading to Android devices in Kazakhstan, Italy and Syria.' The attacker sends a malicious link disguised as an email from a telecommunications company or a major smartphone maker, and if the victim opens the link, spyware is downloaded to the device. One app that was actually uploaded on May 27, 2022 had an icon resembling that of Samsung's official app.



There also appears to have been a malicious app that displays a screen resembling the official Vodafone application when launched, but in fact exists to download Hermit.



The affected areas where Hermit is spreading are Kazakhstan and Italy, and it has also been confirmed in northern Syria. According to Google, a government organization is behind the spread of Hermit and worked with the targeted victims' carriers to cut their connectivity, then tricked the victims into acting to regain it. Google also reports finding evidence of downloads of a malicious app made to look like the carrier's official app.

Hermit also has an iOS version alongside the Android version, and Lookout reports that 'there is a malicious app that abuses the Apple Developer Enterprise Program to sideload Hermit to devices from outside the App Store.' Lookout researchers said they could not obtain a sample of Hermit for iOS, but Google, which worked with Lookout on a follow-up investigation, has a sample.

The iOS app contains six exploits, one of which targets a zero-day vulnerability that Apple said was exploited before it was fixed, and two of which target previously undiscovered vulnerabilities. Apple spokesperson Trevor Kincaid said that all accounts and certificates associated with Hermit would be revoked.

According to Google and Lookout, Hermit is not distributed through the app stores for either Android or iOS. Google has notified the users of devices that are already infected, and states that 'Google Play Protect', which is built into Android, is blocking the execution of Hermit. It also reveals that the Firebase account Hermit used to communicate with its server has been frozen.

Google says Hermit ultimately turned out to be linked to the Italian software developer RCS Lab. A well-known case of a private company developing spyware with a government organization behind it is 'Pegasus', developed by the Israeli security company NSO Group, which has reportedly already compromised the smartphones of British government officials.

What is 'Pegasus', a spyware that monitors celebrities and politicians around the world via iPhone and Android? --GIGAZINE



'We export our products in accordance with national and European rules and regulations. The sale or implementation of our products will only be carried out with the formal permission of the competent authority,' said RCS Lab, which has issued a statement denying involvement.

Google warned, 'The commercial spyware industry is prospering and growing at a remarkable rate. This trend should be of concern to all Internet users. Commercial spyware developers are enabling the proliferation of dangerous hacking tools and giving weapons to governments that are unable to develop these features in-house. The use of surveillance technology may be legal under national or international law, but it is often used by governments for purposes opposed to democratic values, targeting dissidents, journalists, human rights activists and opposition politicians.'

in Mobile, Software, Security, Posted by log1i_yk