New Android Spyware – Out with Pegasus, In with Hermit

In a land of oppression, no one can speak their mind – someone is always listening. The use of malware has become a common practice among cybercriminals. But learning that a country’s government is deploying Hermit Android spyware in targeted attacks is major news.


Spying on citizens isn’t new for oppressive countries, but that mainly occurs directly through ISPs and the like. Not only that, but the government does it under certain laws.

Now, with Hermit, things took an odd turn. Its myriad capabilities can cause a lot of damage and it’s pretty intrusive considering what data it collects.

We have to ask: How is this spyware implemented? What capabilities does it have? And what countries is it used in? We’ll answer everything in the following article.

Hermit Spyware – A New Level of Surveillance

When it comes to the internet, not every country is considered to be “OK” with freedom of speech. In fact, a lot of regions suppress their residents’ rights to exercise their online freedom by passing down laws and regulations that support surveillance systems.

Countries such as Italy, Syria, and Afghanistan may adopt some oppressive regimes in their regions. But again, it’s all according to the law. Or at least, it should be.

When this surveillance is carried out stealthily using spyware, that’s when you know the country is taking it too far. Lookout researchers Justin Albrecht and Paul Shunk’s study revealed everything about Hermit.

Apparently, entities operating from within Kazakhstan, Syria, and Italy have been using this enterprise-grade surveillanceware since 2019 to monitor users in their respective regions.

The spyware comes with several capabilities, which prove how truly intrusive it is. This is what the study showed:

“Hermit is modular and comes with myriad capabilities that allow it to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.”

Now the question is: How are these companies deploying the spyware? Easy! They’re using the exact thing that criminal organizations operate with – phishing campaigns.

Phishing for Information!

In Kazakhstan, the phishing campaign includes an impersonation of the Chinese electronic manufacturer Oppo. The malware disguises its malicious activity as an official Oppo support page in the Kazakh language.


It doesn’t end with an Oppo impersonation. According to the study, other samples of the spyware impersonated giants like Samsung and Vivo.

As for the campaigns in other regions, particularly Syria, the trick comes in the form of “Rojava Network,” a social media brand on Facebook and Twitter that provides news coverage and political analysis of the region. It’s often in support of SDF operations.


The campaigns are targeting both iOS and Android. In Italy, the companies RCS Lab S.p.A and Tykelab Srl seem to be behind the spyware’s execution.

Everything is out of the ordinary. Using spyware to perform surveillance? This is new. Not only that, but since the spyware can access contacts, cameras, calendars, and clipboards, it’s definitely dangerous.

Hermit Spyware – The Government Wants to Know

Hermit disguises itself as a legitimate entity, namely telecommunications companies or smartphone manufacturers. This is the first step it takes to trick victims and infiltrate their devices.

Once in, the spyware can carry out all sorts of malicious activity, including data harvesting and tracking, as well as gaining full accessibility.

The spyware is distributed through phishing, which means it can be avoided. Don’t fall for tricks such as these. You’ll always find at least one factor that shows they’re fake. Stay safe.
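For defenders who want a concrete check, here is an added example (not from the Lookout study or the original article) that flags sideloaded apps whose requested permissions cover several of the capabilities quoted above. The permission mapping, the threshold of four, the sample package names and the simplified `dumpsys` layout are all assumptions made for illustration.

```python
import re

# Assumption (not from the study): one Android permission per quoted capability.
CAPABILITY_PERMS = {
    "record audio": {"android.permission.RECORD_AUDIO"},
    "calls": {"android.permission.CALL_PHONE"},
    "call logs": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "photos": {"android.permission.READ_EXTERNAL_STORAGE"},
    "location": {"android.permission.ACCESS_FINE_LOCATION"},
    "sms": {"android.permission.READ_SMS"},
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; adjust per fleet

# Constructed, simplified excerpt in the style of `adb shell dumpsys package`.
SAMPLE = """\
Package [com.example.notes] (1a2b3c):
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.READ_CONTACTS
Package [com.example.vendor.support] (4d5e6f):
    installerPackageName=null
    requested permissions:
      android.permission.RECORD_AUDIO
      android.permission.READ_SMS
      android.permission.READ_CALL_LOG
      android.permission.READ_CONTACTS
      android.permission.ACCESS_FINE_LOCATION
"""

def parse_packages(dump):
    """Return {package: {"installer": str or None, "perms": set of str}}."""
    pkgs, cur = {}, None
    for line in map(str.strip, dump.splitlines()):
        if m := re.match(r"Package \[([\w.]+)\]", line):
            cur = pkgs.setdefault(m[1], {"installer": None, "perms": set()})
        elif cur and line.startswith("installerPackageName="):
            val = line.split("=", 1)[1]
            cur["installer"] = None if val == "null" else val
        elif cur and (m := re.match(r"[\w.]+\.permission\.\w+", line)):
            cur["perms"].add(m[0])
    return pkgs

def flag_suspects(pkgs, min_capabilities=4):
    """Apps from untrusted installers covering many of the quoted capabilities."""
    hits = {}
    for name, info in pkgs.items():
        caps = sorted(c for c, p in CAPABILITY_PERMS.items() if p & info["perms"])
        if info["installer"] not in TRUSTED_INSTALLERS and len(caps) >= min_capabilities:
            hits[name] = caps
    return hits
```

A hit is a lead for manual review, not proof of infection: legitimate apps installed outside the store can request the same permissions.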
