Google has alerted an unspecified number of Android phone users that they have been infected by a recently spotlighted spyware called Hermit. “We have identified victims in Kazakhstan and Italy,” Google’s Threat Analysis Team (TAG) said in a blog post.
Unlike the Pegasus spyware, developed by NSO Group, which had “zero click” vulnerabilities on the iPhone (the ability to infect a device without the user doing anything), the compromises observed by Google in the case of Hermit start by sending a link to victims.
This link invites them to install an application that poses as either a tool developed by a phone company or a messaging application. In some cases, according to Google, the Hermit user seeking to infect someone has the complicity of a telephone operator to disable the target’s network, and the phishing message invites them to reconnect through the rogue application.
A lot of potentially stolen information
Whether on iOS or Android, Hermit uses different methods to make the victim install the application without going through the official stores (App Store and Google Play Store). Once nestled in the phone’s system, Hermit can then access a number of personal information. On Android, for example, the application asks for permissions to activate the camera and microphone, read SMS messages, etc.
The new information published by Google comes a week after the specialized company Lookout published a long report on Hermit, which is also based on the discovery of infected victims in Kazakhstan, but also in northeastern Syria, where Kurdish populations live.