Hermit Spyware: Key Facts

Lookout, a cloud-based mobile security company, recently reported a new spyware family called “Hermit”.

Key Facts

  • Hermit has versions for both Android and iOS devices.
  • According to a TechCrunch report, Lookout’s security researchers found that national governments have used the Android version of Hermit in targeted attacks, with victims in Kazakhstan, Italy and Syria.
  • Google’s researchers confirmed Lookout’s findings, and Google has started notifying Android users whose devices were compromised by Hermit.

About Hermit spyware

  • Hermit is commercial spyware; it is known to have been used by governments, with victims in northern Syria, Kazakhstan and Italy.
  • It was first detected in Kazakhstan in April 2022, after the government violently suppressed protests against its policies.
  • It was also deployed in the north-eastern Kurdish region of Syria, and by Italian authorities in an anti-corruption investigation.

How is Hermit distributed?

According to the report, the Android version of Hermit is distributed through text messages that appear to come from a legitimate source. The malicious app impersonates apps from telecom companies and handset manufacturers such as Oppo and Samsung, tricking users into downloading and installing it.
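A practical consequence of this delivery route is that the app does not arrive through an app store, so one quick triage step on a suspect handset is to list third-party packages together with the installer that placed them on the device and review anything that was not installed by a trusted store. The script below is an added example written for this article, not code from Lookout or from the original page. It parses the output of `adb shell pm list packages -3 -i` (a real Android command; `-3` limits the list to third-party apps and `-i` appends the installer package). The trusted-installer allowlist, the package names and the sample output are constructed assumptions for illustration and are not Hermit indicators.

```python
"""Triage helper: flag third-party Android apps that were not installed by a
trusted app store, based on `adb shell pm list packages -3 -i` output.

Added example for this article, not code from Lookout's report. The allowlist
and the sample output below are assumptions made for illustration.
"""
import re
import subprocess
from typing import Dict, Iterable, List, Optional

# Installer package names treated as trusted stores (assumption: extend with the
# OEM store of the device under review, e.g. the Galaxy Store on Samsung).
TRUSTED_INSTALLERS = {
    "com.android.vending",              # Google Play
    "com.sec.android.app.samsungapps",  # Samsung Galaxy Store
}

# `pm list packages -i` prints one line per package, for example:
#   package:com.example.app  installer=com.android.vending
# When the package manager recorded no installer (APK opened from a browser
# download, adb install, etc.) the line ends with `installer=null`.
_LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_pm_output(lines: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map package name -> installer package name (None when none is recorded)."""
    result: Dict[str, Optional[str]] = {}
    for line in lines:
        m = _LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or unrelated adb output
        pkg, installer = m.group(1), m.group(2)
        result[pkg] = None if installer == "null" else installer
    return result


def suspicious_installs(installs: Dict[str, Optional[str]],
                        trusted: Iterable[str] = TRUSTED_INSTALLERS) -> List[str]:
    """Return packages whose installer is missing or is not a trusted store.

    An app delivered by an SMS link and installed from a browser download shows
    up here even if its name and icon imitate a carrier or OEM utility.
    """
    trusted_set = set(trusted)
    return sorted(pkg for pkg, inst in installs.items()
                  if inst is None or inst not in trusted_set)


def audit_device(serial: Optional[str] = None) -> List[str]:
    """Run `pm list packages -3 -i` over adb on a connected device and triage it."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + \
          ["shell", "pm", "list", "packages", "-3", "-i"]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return suspicious_installs(parse_pm_output(out.splitlines()))


# Constructed sample output (not captured from a real device) so the triage
# logic can be exercised offline; the package names are placeholders.
SAMPLE_PM_OUTPUT = """\
package:com.example.bank  installer=com.android.vending
package:com.example.weather  installer=com.sec.android.app.samsungapps
package:com.example.carrier.support  installer=null
package:com.example.oem.tools  installer=com.android.chrome
"""

if __name__ == "__main__":
    flagged = suspicious_installs(parse_pm_output(SAMPLE_PM_OUTPUT.splitlines()))
    for pkg in flagged:
        print("review:", pkg)
```

Treat the result as a triage signal rather than proof of compromise: the installer field is whatever the package manager recorded, so a legitimately sideloaded app will also appear, and a device rooted by the spyware (see below) can no longer be trusted to report honestly. Anything flagged still needs its APK pulled and its signing certificate compared against the vendor it claims to be.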

Effect of Malware on Android and iOS devices

According to the report, the Android version of Hermit is modular: the initial app downloads additional components as they are needed, so the installed sample carries only what the operator requires. Like other spyware, Hermit uses separate modules to collect call logs, messages, photos and emails and to record audio. It can redirect phone calls and expose the device’s exact location. It can also root the phone using files fetched from its command-and-control server.

How are Google and Apple reacting?

Google has notified the affected Android users and has updated Play Protect, Android’s built-in app security scanner, so that it blocks the app from running. It has also shut down the Firebase account the spyware used to communicate with its servers. Apple has removed all known “accounts and certificates” associated with the spyware campaign.
