"Sophisticated Android Spyware 'Hermit' Used by Governments"

Security researchers at Lookout have analyzed a sophisticated Android spyware family that appears to have been created to serve nation-state customers. The spyware was dubbed Hermit and appears to be the first publicly identified mobile spyware developed by Italian vendor RCS Lab S.p.A. and Tykelab Srl, which claims to be a telecommunications solutions company, but which is likely a front company. Tykelab appears closely connected to RCS Lab, with its employees claiming on LinkedIn to be working at both companies. Active for three decades, RCS Lab appears to operate in the same market as Pegasus developer NSO Group and FinFisher creator Gamma Group.

The researchers stated that the government of Kazakhstan currently uses Hermit to target entities within the country, and that they have found evidence that Hermit was previously used by Italian authorities in 2019 and by an unknown actor in a predominantly Kurdish region of Syria. The researchers believe that the Android surveillanceware is being distributed via SMS messages that claim to come from legitimate sources. An iOS version of the threat also exists, but the researchers were unable to obtain a sample.

The researchers stated that the spyware supports 25 modules, each with unique capabilities, to exploit rooted devices, make and redirect calls, record audio and take screenshots, and collect call logs, contacts, messages, browser data, photos, device location, and more. The researchers say they retrieved and analyzed 16 of these modules. The researchers noted that Hermit's modular design also allows it to hide its malicious intent through packages that are downloaded when needed. The initial application functions as a framework with minimal surveillance capability but can fetch modules and activate their functionality as instructed. One researcher stated that this approach "ensures that automated analysis of the app cannot find any of the spying functionality and makes even manual analysis significantly harder."

 

SecurityWeek reports: "Sophisticated Android Spyware 'Hermit' Used by Governments"
