Hermit – The Pegasus-like Spyware

Home » Hermit – The Pegasus-like Spyware

Context:

‘Hermit’ is the latest sophisticated spyware in the news, and it is believed to have targeted iPhones and Android devices in Italy and Kazakhstan.

Hermit’s deployment – the spyware has been developed by an Italian vendor called RCS Lab – was first reported by cyber security researchers at the Lookout, a San-Francisco-based cybersecurity firm.

Relevance:

GS III- Cyber Security

Dimensions of the Article:

Hermit is a spyware on the lines of Pegasus by NSO Group. Once installed on a device, it can record audio on the device, carry out unauthorised calls, and carry out many unauthorised activities.
The spyware can steal stored account emails, contacts, browser bookmarks/searches, calendar events, etc.
It can also take pictures on the device, steal device information such as details about applications, the kernel information, model, manufacturer, OS, security patch, phone number, etc.
It can also download and install APK (the app software files on Android) on a compromised phone.
The spyware can also upload files from the device, read notifications, and take pictures of the screen.
Because it can gain access to the root or the ‘privilege’ access of an Android system, Lookout’s research showed, it can uninstall apps like Telegram and WhatsApp.
According to the researchers, the spyware can silently uninstall/reinstall Telegram.
Except the reinstalled version is likely a compromised one. It can also steal data from the old app.
For WhatsApp, it can prompt the user to reinstall WhatsApp via Play Store.
So, once Hermit has been deployed to a phone, it can control and track data from all key applications.

Sophisticated spyware such as Hermit and Pegasus cost millions of dollars in licensing fees, and these are not simple operations.
It’s not like common malware targeting regular users.
And in the case of Hermit, it appears the operations used were complex.
According to Google’s TAG team, all campaigns started with a unique link sent to the victim’s phone.
When the user clicked, the page installed the application on both Android and iOS.

Malware is short for malicious software and it is a catch-all term for various malicious software, including viruses, adware, spyware, browser hijacking software, and fake security software.
Ransomware, Spyware, Worms, viruses, and Trojans are all varieties of malware.

Viruses which are the most commonly-known form of malware and potentially the most destructive. They can do anything from erasing the data on your computer to hijacking your computer to attack other systems, send spam, or host and share illegal content.
Worm is a type of malware that spreads copies of itself from computer to computer which can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.
Trojan is a type of malware that is often disguised as legitimate software which can be employed by cyber-thieves and hackers trying to gain access to users’ systems.
Spyware collects your personal information and passes it on to interested third parties without your knowledge or consent. Spyware is also known for installing Trojan viruses.
Ransomware is malware that employs encryption to hold a victim’s information at ransom.
Adware displays pop-up advertisements when you are online.
Fake security software poses as legitimate software to trick you into opening your system to further infection, providing personal information, or paying for unnecessary or even damaging “clean ups”.
Browser hijacking software changes your browser settings (such as your home page and toolbars), displays pop-up ads and creates new desktop shortcuts. It can also relay your personal preferences to interested third parties.

-Source: Indian Express