Google TAG researchers Benoit Sevens and Clement Lecigne go into detail about the use of enterprise-grade spyware called “Hermit.” This advanced spyware tool allows attackers to steal data and private messages and to make phone calls. In their report, the TAG researchers linked Hermit to RCS Labs, a commercial spyware vendor based in Italy.
Hermit poses many significant dangers. Because it is modular, Hermit is highly customizable, and its functions can be changed to suit whoever is operating it. Once the spyware is fully installed on the target’s phone, attackers can collect sensitive information such as call logs, contacts, photos, precise location and SMS messages.
Sevens and Lecigne’s full report details how attackers can gain access to both Android and iOS devices through clever tricks and drive-by attacks. The attackers have a potential target’s mobile data disabled through the ISP carrier, then send a malicious link by text message that claims to let the target ‘fix’ the problem. If that doesn’t work, the targets are tricked into downloading malicious apps disguised as messaging apps.
Just last week, the cybersecurity firm Lookout reported that Hermit was used by agents working in the governments of Kazakhstan, Syria, and Italy. Google has already identified victims in these countries, and “TAG is actively monitoring more than 30 vendors with varying levels of sophistication and surveillance capabilities to publicly traded sales vulnerabilities or government-sponsored actors.”
The Milan-based company claims to have provided “the latest technological solutions and technical support to law enforcement agencies around the world for more than two decades”. It also claims to handle more than 10,000 captured targets every day in Europe alone.
When reached for comment by Hacker News, RCS Labs said its “core business is the design, manufacture and implementation of software platforms dedicated to legal response, forensic intelligence and data analysis” and “helps law enforcement prevent and investigate serious crimes such as acts of terrorism, drug abuse, human trafficking, organized crime, child abuse and corruption.”
Still, news of spyware being used by state government agents is alarming. Not only does it undermine confidence in the security of the internet, it also puts at risk the lives of anyone whom a government deems an enemy of the state, such as dissidents, journalists, human rights workers and opposition party politicians.
“Tackling the malicious practices of the commercial surveillance industry will require a robust and comprehensive approach that includes collaboration between threat intelligence teams, network advocates, academic researchers, governments and technology platforms,” Google TAG researchers wrote. “We look forward to continuing our work in this area and improving the safety and security of our users around the world.”