Google: ISPs Are Helping Attackers Spread Hermit Spyware on iOS and Android

According to research from Google’s Threat Analysis Group (TAG), a complex spyware operation uses internet service providers (ISPs) to lure people into downloading malicious apps.


The Verge noted that this finding supports earlier research from the security research team Lookout, which connected the spyware Hermit to the Italian spyware producer RCS Labs.

All About the Hermit Spyware

Lookout claims that RCS Labs sells commercial spyware to numerous government agencies and works in the same industry as NSO Group, which created the Pegasus spyware.

Hermit, according to researchers at Lookout, has already been used by the governments of Italy and Kazakhstan. Google said it has identified victims in these countries and will inform the affected individuals.

According to Lookout’s research, Hermit can download advanced capabilities from a command and control (C2) server, which let it access sensitive information such as pictures, text messages, location, and more.

Hermit can also make and receive phone calls, capture audio, and root an Android device to gain complete access to its operating system. By posing as a trusted source, such as a messaging app, the spyware can spread to both Android and iPhone devices.


Google’s Findings

Google discovered that several attackers collaborated with ISPs to disable a victim’s mobile data connectivity as the first step of their plan. Victims were then led to believe that downloading the malicious app would restore their internet connectivity.

The company says that when attackers could not get an ISP's cooperation, they disguised the malicious apps as legitimate chat apps and tricked consumers into downloading them.

According to Google’s report, TAG has uncovered nine zero-day vulnerabilities since 2021, and seven of them were developed by commercial suppliers and sold to and used by government-backed attackers.

TAG has been monitoring more than 30 vendors, with varying degrees of visibility and sophistication, that provide vulnerabilities or surveillance tools to government-backed actors.

The results of Google’s research highlight the degree to which commercial surveillance vendors have spread capabilities that were previously used only by governments with the technical know-how to create and deploy exploits.

According to the tech company, this compromises the security of the Internet and jeopardizes user confidence.

Hermit-containing apps, according to researchers from Lookout and TAG, were never made available through Google Play or Apple’s App Store. However, by signing up for Apple’s Developer Enterprise Program, attackers were able to distribute the compromised apps on iOS.

This made it possible for the attackers to obtain a certificate that “satisfies all of the iOS code signing requirements on any iOS devices” without going through the App Store’s usual verification process.


This article is owned by Tech Times

Written by Joaquin Victor Tacla
