Google warns of dangerous spyware: more than 10,000 mobiles are infected in Europe every day - Teknogue 24



The malware, developed by an Italian company, has reportedly affected both Android and iOS users.

After Pegasus comes Hermit. Google, in collaboration with the cybersecurity firm Lookout Threat Lab, has recently published research which finds that several governments are reportedly using spyware aimed at stealing private information from European users.

The spyware, apparently developed by the Italian company RCS Lab, reportedly uses a combination of different tactics to attack both iOS and Android users. According to the investigations, victims have been identified in Italy and Kazakhstan.


Malware hits Android again, now through spyware that affects thousands of people.

This is how Hermit works, the spyware that infects more than 10,000 people every day

Like Pegasus, Hermit appears to be spyware mainly used by intelligence agencies and governments, including those of Italy and Kazakhstan. The investigations carried out by Google and Lookout find that these organizations reportedly used Hermit to access contacts and private messages stored on the devices of their citizens.

However, the malware's capabilities go much further: it can collect browser history and files saved on device storage, and even read the chat history of messaging applications and social networks.

Google explains that Hermit uses a combination of techniques to infect its victims' devices. In every campaign discovered involving this spyware, the attack originated with a single link sent to the user's device. When the user opened it, they were urged to download and install the malicious app.

In this regard, it is believed that the attackers collaborated with internet service providers to deactivate the user's mobile data connection; the user was then sent a text message asking them to access a URL and download the Hermit-infected app in order to recover connectivity.

For that reason, most of the applications in which Hermit code has been discovered pretended to be mobile operator apps. Spyware posing as instant messaging applications has also been found. Using these techniques, it would be possible to infect nearly 10,000 targets every day in Europe alone.


Screenshot of a device infected by Hermit: the user is asked to download an application to regain access to their accounts.

To infect Android devices, the user was asked to enable the installation of applications from unknown sources. Later, with the app already installed, it obtained access to a large number of permissions, many of them especially sensitive.

In the case of iOS, things change. Since Apple prevents the installation of apps from sources outside the App Store, it has been determined that Hermit uses Apple's mechanism for distributing proprietary in-house applications on Apple devices, which is aimed at companies and professionals. This was possible because the company called 3-1 Mobile SRL, behind which RCS Lab was located, was enrolled in the Apple Developer Enterprise Program and had the necessary permissions to take advantage of this distribution channel.

For its part, Google has reinforced the protections of Google Play Protect and disabled the Firebase projects used by this campaign. Furthermore, all the users of Android devices infected by Hermit. Apple, for now, has not commented on the matter.
