In a recent publication, Clément Lecigne & Benoit Sevens - part of the Google Threat Analysis Group (TAG) - alerted on the Hermit spyware, detected in Italy and Kazakhstan. Until now, it has targeted iOS and Android smartphones.
What do we know about Hermit so far? Through a blogpost, Google revealed that RCS Labs, Italian vendor that conceptualizes “atypical drive-by downloads as initial infection vestors”, would have created this spyware. The latter works with the victim’s ISP so as to disable their mobile data connectivity. Then, TAG teams observed that the attackers send an infectious link via SMS, requesting victims to install an application on an unusual download platform. Once installed, Hermit can access all types of data, from SMS to calls, and also camera or gallery. On top of this, it can also record sounds and transfer calls.
As the SMS appears to be sent from the victims' vendor, this sophisticated attack can fool anyone. Most recently, the Lookout team “detected samples from this campaign in April 2022”. Most of them were entitled “oppo.services”, while some others impersonated Samsung and Vivo vendors. Although the Hermit spyware attack did not spread as much as the Pegasus scandal, it puts back the urgent need for better regulations in terms of cybersecurity.
Until we know more about this malware, Google reacted quickly so as to protect users through some updates on Google Play. The company also spread a message to raise awareness and help the entire ecosystem. Besides, Lookout offered some pieces of advice to protect yourself from such spywares:
- Update your phone and apps, so as to ensure the exploits are resolved
- Don’t click on unknown links, especially when the source is unknown
- Don’t install unknown applications, even if their source appear legitimate
- Periodically review your applications, so as to ensure nothing unknown has been added