Google’s Threat Analysis Group (TAG) recently published its research on spyware named “Hermit” which is capable of exposing both Android and iOS devices. TAG is responsible for tracking and analysing government-backed attacks and hacking. According to a report by TechCrunch, TAG’s official blog has confirmed the existence of the Hermit spyware. The blog accuses Italian software company RCS Lab as the creator of the spyware that can attack iOS and Android users. TAG’s research has identified victims of the Hermit spyware in Italy and Kazakhstan. Meanwhile, Lookout (the first company to report this spyware) claims that it has also been used in Syria.
How is the Hermit spyware spreading?
The sideloading process helped in distributing the Hermit spyware on both platforms outside of the App Store and Google Play Store. In this process, the attackers send a text message with a malicious link that tricks and convinces the victims to download and install the app. Meanwhile, Android allow users to easily install apps from outside the App Store. The same process in iOS devices is a bit more complicated but not impossible. However, Apple has discovered a way to curb the spread of Hermit spyware on its devices, reports 9to5Mac.
What are enterprise apps and how it helped in spreading Hermit?
Apple offers exclusive certificates to companies for distributing enterprise apps to their employees, outside the App Store. As per the report, RCS distributed its fake app to iOS users as an enterprise app that disguised the hermit spyware to look like an official telecom or messaging app. These apps are unable to access internal system files or user data without permission as they run under the same sandbox rules that any other App Store app needs to follow.
However, it is easier for the enterprise apps to take advantage of these exploits found in iOS as Apple doesn’t review such apps. Some of Hermit’s exploits include — recording audio from the microphone, redirecting phone calls, storing photos, messages and emails as well as affecting the current location of the device.
How Apple has stopped the spread of Hermit spyware on its devices
Apple has discovered a way to stop the spread of the Hermit spyware by revoking “all known accounts and certificates associated with the spyware,” the report mentions. This will stop the harmful app from being distributed outside the App Store.
This doesn’t make iOS users completely safe from Hermit as RCS Lab, might find another way “to exploit iOS to distribute their spyware” the report mentions. The best way for smartphone users to stay safe is by not clicking any unknown links or installing apps from unknown sources.
Hermit Spyware: The targets
As per the report, the exact targets of the Hermit spyware are still not clear, however, there is evidence about RCS Lab selling it to “government-backed actors.” The report also mentions that Hermit might work the same way as the NSO Pegasus spyware, which was used by “authoritarian governments to surveil journalists, political opponents, activists, and human rights defenders.”
Nevertheless, this spyware isn’t designed for common users, but its presence might be a major threat to people’s privacy and security, the report suggests. In 2021, Apple Apple filed a lawsuit against the NSO Group accusing the organisation of spending huge amounts to infiltrate the iOS security system and victimise users.
Also Read: Apple to launch a refreshed HomePod with the S8 processor in 2023. Click here to read more.
How is the Hermit spyware spreading?
The sideloading process helped in distributing the Hermit spyware on both platforms outside of the App Store and Google Play Store. In this process, the attackers send a text message with a malicious link that tricks and convinces the victims to download and install the app. Meanwhile, Android allow users to easily install apps from outside the App Store. The same process in iOS devices is a bit more complicated but not impossible. However, Apple has discovered a way to curb the spread of Hermit spyware on its devices, reports 9to5Mac.
What are enterprise apps and how it helped in spreading Hermit?
Apple offers exclusive certificates to companies for distributing enterprise apps to their employees, outside the App Store. As per the report, RCS distributed its fake app to iOS users as an enterprise app that disguised the hermit spyware to look like an official telecom or messaging app. These apps are unable to access internal system files or user data without permission as they run under the same sandbox rules that any other App Store app needs to follow.
However, it is easier for the enterprise apps to take advantage of these exploits found in iOS as Apple doesn’t review such apps. Some of Hermit’s exploits include — recording audio from the microphone, redirecting phone calls, storing photos, messages and emails as well as affecting the current location of the device.
How Apple has stopped the spread of Hermit spyware on its devices
Apple has discovered a way to stop the spread of the Hermit spyware by revoking “all known accounts and certificates associated with the spyware,” the report mentions. This will stop the harmful app from being distributed outside the App Store.
This doesn’t make iOS users completely safe from Hermit as RCS Lab, might find another way “to exploit iOS to distribute their spyware” the report mentions. The best way for smartphone users to stay safe is by not clicking any unknown links or installing apps from unknown sources.
Hermit Spyware: The targets
As per the report, the exact targets of the Hermit spyware are still not clear, however, there is evidence about RCS Lab selling it to “government-backed actors.” The report also mentions that Hermit might work the same way as the NSO Pegasus spyware, which was used by “authoritarian governments to surveil journalists, political opponents, activists, and human rights defenders.”
Nevertheless, this spyware isn’t designed for common users, but its presence might be a major threat to people’s privacy and security, the report suggests. In 2021, Apple Apple filed a lawsuit against the NSO Group accusing the organisation of spending huge amounts to infiltrate the iOS security system and victimise users.
Also Read: Apple to launch a refreshed HomePod with the S8 processor in 2023. Click here to read more.
Related Posts
Denial of responsibility! TechnoCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.
