According to a study published by Google’s Threat Analysis Group (TAG), an advanced spyware campaign is trying to trick users into downloading malicious apps with the help of internet service providers. The study identifies the software in question as Hermit, spyware produced by Italian spyware manufacturer RCS Lab. So far, affected devices have been detected in Italy and Kazakhstan.
Hermit is a modular threat that can download additional capabilities from a command and control (C2) server. This allows the spyware to access call logs, location, photos and text messages on a victim’s device. Hermit can also record audio, make phone calls, and interrupt conversations. On Android devices it can reach the core of the operating system and take full control of the device.
The researchers also say that in some cases the cybercriminals work with the target’s internet service provider to disable the target’s data connection. Once the connection is disabled, a message made to look as if it comes from the service provider is sent, asking the user to click on a link in the message.
The message, sent via SMS, prompts the user to download an application. Although some operators prevent such malicious software from being sent over SMS, the program often disguises itself as an operator and finds a way to reach victims.
Although the program is not distributed through Google Play or the Apple App Store, it seems to have managed to spread rapidly via mail or SMS.