Google: Providers Helped Spread Hermit Smartphone Spyware

Google says ISPs helped spread Hermit smartphone spyware. Providers switched off victims’ mobile data connection, after which hackers sent an SMS with a Hermit link “to restore the connection”.

The Hermit spyware is according to Google developed by the Italian company RCS Labs and has been used by hackers to infiltrate smartphones in Italy, Kazakhstan and Syria. In some cases, the hackers would have worked with providers to disable the victim’s mobile data connection. The hackers then sent a text message to the customer, with a link to an app to restore that data connection.

In reality, victims with the Hermit link installed spyware that can view messages and passwords, a Citizen Lab researcher says against The Guardian. In addition, the malware can take control of telephones, record audio, transfer calls and collect other data. Hermit works on both Android and iOS, on the former the app pretends to be a Samsung app.

How the state hackers cooperated with providers is not clear. Google says partnering with carriers is an indication Hermit has been used by state hackers. The spyware is said to have been used mainly in a Kurdish region in Syria.

Hermit notification without the help of providers

The spyware can also be used without the cooperation of providers: then the hackers act as if an app has to be installed in order to regain control over a Facebook, WhatsApp or Instagram account. Apple and Google say they have taken steps to counter Hermit. Google’s Threat Analysis Group is increasingly disclosing information about malware to raise awareness about malware among users and developers. RCS Labs says its ‘products and services’ comply with European legislation and ‘help police and investigative services solve crimes’.