Android spyware uncovered by threat watchdog

Spyware that targets Android-based devices has been detected being used by the government of Kazakhstan against its own citizens, according to research by Lookout Threat Lab.

The program, dubbed Hermit, has been linked to Italian spyware provider RCS Lab and what Lookout believes is its front company, Tykelab.

“Our analysis suggests that Hermit has not only been deployed to Kazakhstan, but that an entity of the national government is likely behind the campaign,” said Lookout. “To our knowledge, this marks the first time that a current customer of RCS Lab’s mobile malware has been identified.”

Lookout intercepted Hermit after it caught it impersonating Chinese electronics firm Oppo in April, and analyzed 16 of its 25 constituent modules.

“These modules, along with the permissions the core apps have, enable Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages,” it said, adding that the spyware is distributed via the latter, which are faked as coming from “a legitimate source.”

“The malware samples analyzed impersonated the applications of telecommunications companies or smartphone manufacturers,” it said. “Hermit tricks users by serving up the legitimate web pages of the brands it impersonates as it kickstarts malicious activities in the background.”

Shady history

Hermit was also used by the Italian government in an “anti-corruption operation” in 2019, Lookout claimed, adding: “We also found evidence suggesting that an unknown actor used it in northeastern Syria, a predominantly Kurdish region that has been the setting of numerous regional conflicts.”

RCS Lab has been in business for more than thirty years and belongs to a category of “lawful intercept” companies that sell spyware to what they claim are legitimate customers, such as government intelligence agencies.

“In reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics, and government officials,” said Lookout.

Other firms offering spyware include NSO Group Technologies, which created the Pegasus program, and Gamma Group, which was behind FinFisher.

More from Cybernews:

Oppressors used Pegasus for nefarious means. It can't be that shocking

French prosecutor opens probe after Pegasus spyware complaint

Elon Musk discusses layoffs and aliens in Twitter staff addresses

Big Tech commits to combating disinformation in the new Code of Practice

Best VPNs for Android 2023: Fast & Secure Apps

Subscribe to our newsletter