Google has warned that a spyware dubbed ‘Hermit’, developed by Italian spyware vendor RCS Labs, is being used to target Apple and Android users in Italy and Kazakhstan. Google’s Threat Analysis Group (TAG) said in its official blog that RCS Labs is in the same line of work as NSO Group, the notorious company behind the Pegasus spyware, and peddles commercial spyware to various government agencies. Findings published earlier this month by the security research group Lookout had flagged similar concerns about the spyware.
Researchers Benoit Sevens and Clement Lecigne said that the sophisticated spyware Hermit poses many significant dangers. It can infect both Android devices and iPhones by disguising itself as a legitimate source, taking on the form of a mobile carrier or messaging app.
As described in the report, Hermit is a modular threat that can download additional capabilities from a command and control (C2) server. This allows the spyware to access the call records, location, photos, and text messages on a victim’s device - giving it full control over its core operating system.
Google researchers noted the spyware spreads by getting people to click on links in messages sent to targets. "In some cases, we believe the actors worked with the target's ISP (internet service provider) to disable the target's mobile data connectivity.
"Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity." When not masquerading as a mobile internet service provider, the cyber spies would send links pretending to be from phone makers or messaging applications to trick people into clicking, the Google researchers said.
"Hermit tricks users by serving up the legitimate webpages of the brands it impersonates as it kickstarts malicious activities in the background," they added.
According to Google researchers, "tackling the harmful practices of the commercial surveillance industry will require a robust, comprehensive approach that includes cooperation among threat intelligence teams, network defenders, academic researchers, governments, and technology platforms."
"We look forward to continuing our work in this space and advancing the safety and security of our users around the world," they said.