Lookout announced the discovery of enterprise-grade Android surveillance software currently in use by the government of Kazakhstan within its borders. Lookout researchers also found evidence of the deployment of the spyware – which Lookout researchers named “Hermit” – in Italy and northeast Syria.
Hermit is likely developed by Italian spyware vendor RCS Lab SpA and Tykelab Srl, a telecommunications solutions company that may operate as a front company. RCS Lab, a developer known for its past dealings with countries like Syria, operates in the same market as Pegasus developer NSO Group Technologies, and Gamma Group, which created FinFisher. This is the first time that a current customer of RCS Lab’s mobile spy software has been publicly identified.
Hermit is a modular surveillance software that conceals its malicious functions in packages that are downloaded only after deployment. The researchers were able to obtain and analyze 16 of the 25 known modules. These modules, along with the core malware permissions, allow Hermit to exploit a rooted device, record audio data, make and redirect phone calls, and collect data such as phone logs. calls, contacts, photos, device location and text messages.
“This discovery gives us deep insight into the operations of a spyware vendor and how sophisticated application-based spyware works,” said Justin Albrecht, threat intelligence researcher at Lookout. “Based on how customizable Hermit is, including its anti-analysis capabilities and even how carefully it handles data, it’s clear that this is a well-developed tool designed to provide surveillance capabilities to nation-state clients. What’s also interesting is that we were able to confirm that Kazakhstan is a likely current RCS Lab customer. It is rare that one is able to identify who are the users of such a spyware supplier”.
According to Lookout researchers, the spyware is distributed via SMS messages pretending to come from a legitimate source. The analyzed malware samples posed as applications from telecommunications companies or smartphone manufacturers. Hermit tricks users into showing them the real web pages of the brands it echoes while running malicious activities in the background.
Lookout is a leading cybersecurity company. Our mission is to secure and energize our digital future in a world where mobility and the cloud are omnipresent in our activities. We enable consumers and employees to protect their data and stay securely connected without violating their privacy or trust. Lookout is trusted by millions of home users, businesses, governments, and partners like AT&T, Verizon, Vodafone, Microsoft, Google, and Apple. Headquartered in San Francisco, Lookout also has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C.
We want to thank the author of this post for this remarkable content
Lookout discovers Android spyware deployed in Kazakhstan
You can view our social media profiles here as well as other pages related to them here.https://yaroos.com/related-pages/