An enterprise-grade surveillanceware dubbed Hermit has been used by entities operating in Kazakhstan, Syria and Italy since 2019, new research reveals.
Lookout attributes the spy software, which is designed to target both Android and iOS, to an Italian company called RCS Lab S.p.A. and to Tykelab Srl, a telecom services provider that it suspects is a front company. The San Francisco-based cybersecurity firm said it had identified the operation targeting Kazakhstan in April 2022.
Hermit is modular and comes with a myriad of capabilities that allow it to “exploit a rooted device, record audio and make and redirect phone calls, as well as collect data like call logs, contacts, photos, device location and SMS messages,” Lookout researchers Justin Albrecht and Paul Shunk said in a new write-up.
The spyware is believed to be distributed via SMS messages that trick users into installing seemingly harmless apps from Samsung, Vivo and Oppo, which, when opened, load a website from the impersonated company and secretly activate the kill chain in the background.
Like other Android malware threats, Hermit is engineered to abuse its access to accessibility services and other key components of the operating system (e.g., contacts, camera, calendar, clipboard) for most of its malicious activity.
Android devices have been on the receiving end of spyware in the past. In November 2021, the threat actor tracked as APT-C-23 (aka Arid Viper) was linked to a wave of attacks targeting Middle Eastern users with new variants of FrozenCell.
Then last month, Google’s Threat Analysis Group (TAG) revealed that at least government-backed actors in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain, and Indonesia were buying Android zero-day exploits for covert surveillance.
“RCS Lab, a well-known developer that has been active for more than three decades, operates in the same market as Pegasus developer NSO Group Technologies and Gamma Group, which created FinFisher,” the researchers noted.
“Collectively branded as ‘lawful intercept’ companies, they claim to sell to customers with legitimate use for surveillanceware, such as intelligence and law enforcement agencies. Journalists, academics and government officials.”
The findings come as the Israel-based NSO Group is said to be in talks to sell its Pegasus technology to U.S. defense contractor L3Harris, the company that manufactures the StingRay cellular phone tracker, a prospect that has raised concern that it could open the door for law enforcement to use the controversial hacking tool.
The German manufacturer behind FinFisher is facing problems of its own in the wake of a crackdown over suspected violations of foreign trade laws, for selling its spyware in Turkey without obtaining the required licenses.
In early March, it closed its operations and filed for bankruptcy, Netzpolitik and Bloomberg reported, adding that “the office has been disbanded, employees have been laid off, and business activities have stopped.”