Google: Carriers Helped Spread Hermit Smartphone Spyware

Google says ISPs helped distribute Hermit smartphone spyware. Providers disabled the mobile data connection of victims, after which hackers sent a text message with a Hermit link ‘to be able to restore the connection’.

The Hermit spyware is according to google Developed by the Italian company RCS Labs, it has been used by hackers to infiltrate smartphones in Italy, Kazakhstan and Syria. In some cases, the hackers allegedly collaborated with carriers to disable the victim’s mobile data connection. The hackers then sent a text message to the customer, with a link to an app to restore that data connection.

In reality, victims linked to Hermit installed spyware that can see messages and passwords, says Citizen Lab researcher against The Guardian† In addition, the malware can take control of phones, record audio, route calls and collect other data. Hermit works on both Android and iOS, on the former the app pretends to be a Samsung app.

How the state hackers collaborated with providers is not clear. Google says partnering with carriers is an indication that Hermit has been used by state hackers. The spyware is said to have been used mainly in a Kurdish region in Syria.

Hermit notification without carrier help

The spyware can also be used without the cooperation of providers: then the hackers pretend that an app has to be installed in order to regain control of a Facebook, WhatsApp or Instagram account. Apple and Google say they have taken steps to counter Hermit. Google’s Threat Analysis Group is increasingly disclosing information about malware, in order to raise awareness among users and developers about malware. RCS Labs says its ‘products and services’ comply with European legislation and ‘help police and investigative services solve crimes’.