Google has confirmed reports of the existence of an extremely potent Android malware, and notified victims that they’re being targeted.
In a blog post, Benoit Sevens, and Clement Lecigne of the company’s Threat Analysis Group said cybersecurity researchers from Lookout were right when they discovered, and warned users, of the existence of a dangerous Android virus called Hermit.
Hermit is allegedly built by an Italian software development company RCS Lab, and was initally used by state-sponsored actors to target certain individuals both in Italy and in Kazakhstan.
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
Extremely potent malware
The malware is extremely potent, and once installed on the device, can reach out to its command & control (C2) server to pick up numerous modules, including call loggers, audio recorders (both ambient and phone calls), photo and video harvesters, SMS and email readers, and location trackers.
Hermit works on all versions of Android, and is even capable of rooting the device to grant itself even more privileges.
Still, the app needs to be downloaded onto the device. That can’t be done via Google’s official Android repository, because it can’t be found there. Instead, the victims are lured into downloading the app via phishing SMS messages and according to TechCrunch, the attackers worked with the victims’ telecommunications providers to force them into downloading the app.
Now, as the existence of Hermit is confirmed, Google started reaching out to victims to warn them that they’re being targeted. No word on the number of people in question, but given the potential of the malware, we can assume it’s only a handful of high-profile individuals, possibly politicians, journalists, and civil rights activists.
Google has also obtained a version of the malware designed for Apple devices, and said it abuses the company’s enterprise developer certificate to allow the app to be sideloaded. It leveraged six new exploits, two of which are zero-days. Apple is already working on a fix for one of them.
Via: Tech Crunch