Published July 22, 2022
Author: Ash Khan

Google has discovered victims in both Italy and Kazakhstan.

Google’s Threat Analysis Group (TAG) published a study on spyware operations targeting Android and iOS users. The study is part of the company’s effort to track the activities of commercial spyware suppliers.

Google TAG details the use of Hermit as commercial-grade spyware. Attackers can use this sophisticated spyware program to collect data, send private messages, and make phone calls. TAG researchers believe Hermit belongs to RCS Labs, an Italian commercial spyware provider.

Hermit poses several serious threats. Its modularity makes it highly adaptable, allowing the spyware to be changed according to the needs of its user. Once it is completely installed on the victim’s phone, attackers can steal sensitive information such as call records, contacts, photographs, precise location, and SMS messages.

According to TAG researchers, the attackers could gain access to both Android and iOS devices using smart tactics and drive-by attacks. Potential victims of this scam have their data blocked through their ISP and are then sent a malicious link through SMS to ‘repair’ the problem. If that fails, targets are fooled into installing malicious programs disguised as messaging apps.

Cybersecurity agency Lookout uncovered the use of Hermit by spies working for the governments of Kazakhstan, Syria, and Italy. TAG actively tracked more than 30 vendors, with varying levels of expertise and public exposure, that were providing spyware and surveillance services to government-backed entities.

The Milan-based organization claims to have provided groundbreaking technology solutions and technical support in the field of lawful interception to law enforcement agencies. In Europe alone, more than 10,000 intercepted victims are said to be handled every day.

RCS Labs stated that its core business is the design, production, and implementation of software platforms dedicated to lawful interception, forensic intelligence, and data analysis. The organization claims to assist law enforcement in the prevention and investigation of serious crimes such as acts of terrorism, drug trafficking, organized crime, child abuse, and corruption.

Nonetheless, the news of government operatives using spyware is disturbing. It not only undermines faith in the internet’s safety but also endangers the lives of anybody a government considers an enemy of the state, including journalists and opposition party leaders.

Tackling the harmful practices of the commercial surveillance industry will require a strong, comprehensive approach that involves collaboration among threat intelligence teams, network defenders, academic researchers, governments, and technology platforms. Google TAG researchers are excited to continue working in this sector and to advance the safety and security of users all across the world.