
Google says attackers worked with ISPs to deploy Hermit spyware on Android and iOS

Illustration by Alex Castro / The Verge

A sophisticated spyware campaign is getting the help of internet service providers (ISPs) to trick users into downloading malicious apps, according to research published by Google’s Threat Analysis Group (TAG) (via TechCrunch). This corroborates earlier findings from security research group Lookout, which has linked the spyware, dubbed Hermit, to Italian spyware vendor RCS Labs.

Lookout says RCS Labs is in the same line of work as NSO Group — the infamous surveillance-for-hire company behind the Pegasus spyware — and peddles commercial spyware to various government agencies. Researchers at Lookout believe Hermit has already been deployed by the government of Kazakhstan and Italian authorities. In line with these findings, Google has identified victims in both countries and says it will notify affected users.

As described in Lookout’s report, Hermit is a modular threat that can download additional capabilities from a command and control (C2) server. This allows the spyware to access the call records, location, photos, and text messages on a victim’s device. Hermit can also record audio, make and intercept phone calls, and root an Android device, which gives it full control over the device’s core operating system.

The spyware can infect both Android devices and iPhones by disguising itself as a legitimate source, typically taking the form of a mobile carrier or messaging app. Google’s cybersecurity researchers found that some attackers actually worked with ISPs to switch off a victim’s mobile data to further their scheme. Bad actors would then pose as the victim’s mobile carrier over SMS and trick users into believing that a malicious app download would restore their internet connectivity. If attackers were unable to work with an ISP, Google says they posed as seemingly authentic messaging apps that they deceived users into downloading.

Researchers from Lookout and TAG say apps containing Hermit were never made available via the Google Play or Apple App Store. However, attackers were able to distribute infected apps on iOS by enrolling in Apple’s Developer Enterprise Program. This allowed bad actors to bypass the App Store’s standard vetting process and obtain a certificate that “satisfies all of the iOS code signing requirements on any iOS devices.”

Apple told The Verge that it has since revoked any accounts or certificates associated with the threat. In addition to notifying affected users, Google has also pushed a Google Play Protect update to all users.



Source: The Verge
