Governments in Italy and Kazakhstan found spying on their citizens using Hermit spyware

Hermit Spyware

Lookout Threat Lab researchers have discovered enterprise-grade spyware used by governments to spy on their citizens. The spyware, codenamed “Hermit”, was created by an Italian company called RCS Lab. This article looks at the spyware and what it does once it lands on a device.

Hermit Spyware Overview:

RCS Lab’s Hermit spyware recently resurfaced in Kazakhstan, and the government is suspected to be behind its deployment. The samples acquired by researchers imitated websites from Oppo, Samsung, and Vivo.

Hermit: Compromised Oppo support page

It is spread through emails, SMS messages, and website links that masquerade as coming from legitimate sources. Once installed on the device, the spyware can steal user information. Moreover, it can access the microphone and camera, read messages and notifications, and more.

The company behind Hermit, RCS Lab, is a “lawful intercept” vendor that has been active for over three decades. The company says it only sells its spyware to customers with legitimate use cases.

RCS Lab says it condemns the abuse of its products. According to security experts, however, such spyware is often misused to unethically spy on high-ranking individuals and ordinary civilians alike.

Previously, Hermit was detected in regions such as Italy and Syria. Chile, Pakistan, Mongolia, Bangladesh, Myanmar, Vietnam, and Turkmenistan are some of the countries tied to RCS Lab.

According to Google, internet users should be concerned about the rapid growth of the commercial spyware industry.

What is it capable of?

The Hermit spyware has over 20 parameters that let the operator tailor it to their needs. It is also modular, meaning the software’s malicious functionality is “hidden inside additional payloads” that are fetched after the initial install.

Lookout was able to acquire the following modules (module: function):

Accessibility Event: monitors the foreground app.
Account: records account emails.
Address Book: steals contacts.
Audio: records audio.
Browser: steals bookmarks and searches.
Calendar: steals calendar events and attendees.
Camera: takes pictures.
Clipboard: steals clipboard content.
Device Info: gets device information including OS, phone numbers, apps, kernel, security patch, etc.
File Download: downloads and installs APK files.
File Upload: uploads files from the device.
Log: enables/disables verbose logging.
Notification Listener: exfiltrates notification content.
Screen Capture: takes screenshots.
Telegram: prompts the user to reinstall Telegram on the device with a downloaded APK.
WhatsApp: prompts the user to reinstall WhatsApp via the Play Store.

How to avoid spyware like Hermit?

The safety of your devices depends upon you. Thus, you must be vigilant while browsing the internet. The first step is to keep your phone and apps up to date. These updates help patch vulnerabilities in the system.

Secondly, avoid clicking on links from sources you don’t trust. Emails are the most prominent way of spreading malware. So, double-check where the email is from before clicking on links in them.

Thirdly, only install apps from verified sources. Software from unknown sources can carry hidden malware. Moreover, it can disguise itself as some other software to hide its true nature.

Finally, make sure to check your installed app list and resource usage. Malicious software can install other unwanted applications and consume device resources.
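One practical way to act on the last two tips is to review which installed apps did not come from the Play Store, since Hermit arrives as a sideloaded APK and its Telegram module reinstalls the messenger from a downloaded APK. The script below is an added example, not code from the article or from Lookout; it assumes a device reachable over adb, that the Play Store installer is reported as com.android.vending, and uses a constructed sample of `pm list packages -3 -i` output so it runs offline.

```shell
#!/bin/sh
# Added example (not from the article): flag third-party Android packages
# whose recorded installer is not the Play Store. Real input comes from
#   adb shell pm list packages -3 -i
# (-3 = third-party apps only, -i = show the installing package).
# Assumption: the Play Store reports itself as com.android.vending.

# Constructed sample mimicking `pm list packages -3 -i` output. The
# messenger with installer=null is what a reinstall from a downloaded
# APK typically leaves behind.
SAMPLE_PM_OUTPUT='package:com.whatsapp  installer=com.android.vending
package:org.telegram.messenger  installer=null
package:com.example.supportapp  installer=com.android.packageinstaller
package:com.example.bank  installer=com.android.vending'

# Reads pm output on stdin and prints one line per package that was not
# installed by the Play Store, e.g. "org.telegram.messenger (installer=null)".
flag_sideloaded() {
    while IFS= read -r line; do
        case "$line" in
            package:*) ;;          # keep only package lines
            *) continue ;;
        esac
        pkg=${line#package:}       # strip the "package:" prefix
        pkg=${pkg%%[[:space:]]*}   # cut at the first whitespace
        installer=${line##*installer=}
        if [ "$installer" != "com.android.vending" ]; then
            printf '%s (installer=%s)\n' "$pkg" "$installer"
        fi
    done
}

# Runs the check over the constructed sample; returns its output.
sideloaded_from_sample() {
    printf '%s\n' "$SAMPLE_PM_OUTPUT" | flag_sideloaded
}

# Stand-alone run. For a real device, replace the sample with:
#   adb shell pm list packages -3 -i | flag_sideloaded
sideloaded_from_sample
```

A flagged package is a starting point for review, not proof of compromise; apps installed by an MDM or a vendor store will also appear here.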
