
BIG BROTHER: Lookout Threat Labs uncover widespread deployment of Hermit Surveillanceware

Posted By Iain Fraser - Cybersecurity Journalist

Researchers at Lookout Threat Labs have uncovered several deployments of Hermit, an enterprise-grade Android surveillanceware, including one attributed to the government of Kazakhstan. This is not the first time Hermit has been deployed.

Lookout has reported that it was aware that Italian authorities deployed Hermit in an anti-corruption operation in 2019. It has also found evidence suggesting that an unknown actor used it in north-eastern Syria, a predominantly Kurdish region that has been the setting of numerous regional conflicts.

Lookout Threat Labs had been monitoring this threat for some time using Lookout Endpoint Detection and Response (EDR). The latest samples were detected in April 2022, four months after nationwide protests in Kazakhstan against government policies were violently suppressed.

Based on Lookout's analysis, the spyware, named "Hermit", was likely developed by Italian spyware vendor RCS Lab S.p.A and Tykelab Srl, a telecommunications solutions company that Lookout suspects is operating as a front company for the original developers.

RCS Lab is a known developer that has been active for around thirty years, operating in the same arena as Pegasus developer NSO Group Technologies and Gamma Group. These types of surveillanceware are marketed as lawful intercept technologies, and all of the companies named here claim that they sell only to recognised governments, intelligence agencies and law enforcement.

Cyber Knowledgebase - What is Hermit?

Named after a distinct server path used by the attacker's command-and-control (C2) infrastructure, Hermit is a modular surveillanceware that hides its malicious capabilities in packages downloaded after it is deployed.

These modules, along with the permissions the core apps have, enable Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.

The spyware is thought to be distributed via SMS messages that appear to come from a legitimate source. The malware samples analysed impersonated the applications of telecommunications companies or smartphone manufacturers. Hermit tricks users by serving up the legitimate webpages of the brands it impersonates while it kickstarts malicious activity in the background. There is also thought to be an iOS version of Hermit, but to date no independent analysis of it has been conducted.
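The capability profile described above (audio recording, call control, call logs, contacts, photos, location, SMS) together with code that is fetched and loaded only after installation is the kind of thing a reviewer can check for when triaging a suspect APK. The script below is an added example written for this page; it is not Lookout's detection logic and is not derived from a Hermit sample. The manifest, the package name and the list of strings are constructed, and the permission-to-capability mapping is a triage heuristic, not a signature.

```python
"""Triage a suspect Android APK against a Hermit-like capability profile.

Added example for this page (not Lookout's detection logic, not derived
from any Hermit sample). Inputs are the decoded AndroidManifest.xml and the
strings pulled from the app's dex code; both samples here are constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Capability described in the write-up -> permissions that grant it.
# Heuristic mapping for triage only; legitimate apps use these too.
CAPABILITY_PERMISSIONS = {
    "record_audio": {"android.permission.RECORD_AUDIO"},
    "call_control": {"android.permission.CALL_PHONE",
                     "android.permission.PROCESS_OUTGOING_CALLS",
                     "android.permission.ANSWER_PHONE_CALLS"},
    "call_logs": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "photos": {"android.permission.READ_EXTERNAL_STORAGE",
               "android.permission.READ_MEDIA_IMAGES"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
}

# Class names that indicate the app can load code it did not ship with
# (i.e. modules downloaded after deployment). Form as seen in dex strings.
DYNAMIC_LOADING_INDICATORS = (
    "dalvik.system.DexClassLoader",
    "dalvik.system.PathClassLoader",
    "dalvik.system.InMemoryDexClassLoader",
)


def declared_permissions(manifest_xml):
    """Return the set of android:name values on <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    key = "{%s}name" % ANDROID_NS
    return {node.get(key) for node in root.iter("uses-permission") if node.get(key)}


def triage(manifest_xml, dex_strings, threshold=5):
    """Score one APK. 'suspicious' means the app can do at least `threshold`
    of the listed capabilities AND can load code at runtime."""
    perms = declared_permissions(manifest_xml)
    capabilities = sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items()
                          if perms & needed)
    dynamic = sorted(s for s in DYNAMIC_LOADING_INDICATORS if s in dex_strings)
    package = ET.fromstring(manifest_xml).get("package", "")
    return {
        "package": package,
        "capabilities": capabilities,
        "dynamic_code_loading": dynamic,
        "suspicious": len(capabilities) >= threshold and bool(dynamic),
    }


# Constructed sample: an app posing as a telco self-care client.
SAMPLE_MANIFEST = """<manifest xmlns:android="%s" package="com.example.telco.selfcare">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>""" % ANDROID_NS
SAMPLE_STRINGS = ["okhttp3.OkHttpClient", "android.webkit.WebView",
                  "dalvik.system.DexClassLoader"]

# Constructed benign comparator: a maps-style app with network and location only.
BENIGN_MANIFEST = """<manifest xmlns:android="%s" package="com.example.maps">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>""" % ANDROID_NS
BENIGN_STRINGS = ["okhttp3.OkHttpClient"]

if __name__ == "__main__":
    for manifest, strings in ((SAMPLE_MANIFEST, SAMPLE_STRINGS),
                              (BENIGN_MANIFEST, BENIGN_STRINGS)):
        print(triage(manifest, strings))
```

Treat the result as a prioritisation signal, not a verdict: a telecom operator's own app may legitimately request several of these permissions, and dynamic class loading also appears in benign plugin-based apps. What makes the combination worth a closer look is the mismatch the write-up describes, an app presenting a well-known brand's web content while holding a surveillance-grade permission set and the ability to pull in code later; confirming that still needs the signer, the network behaviour and the downloaded modules themselves.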

About Lookout Threat Labs
Pushing the Boundaries of Cybersecurity

Lookout is an integrated endpoint-to-cloud security company, and Lookout Threat Labs is its threat research team. Our mission is to secure and empower our digital future in a privacy-focused world where mobility and cloud are essential to all we do for work and play.

We enable consumers and employees to protect their data, and to securely stay connected without violating their privacy and trust. Lookout is trusted by millions of consumers, the largest enterprises and government agencies, and partners such as AT&T, Verizon, Vodafone, Microsoft, Google, and Apple. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C. Learn more: visit www.lookout.com and follow Lookout on its blog, LinkedIn, and Twitter.


Image Credit: Phillip Sidek

