Google has confirmed reports of an extremely powerful piece of Android spyware and is notifying victims that they have been targeted.
In a blog post, Benoit Sevens and Clement Lecigne of the company's Threat Analysis Group confirm the findings of security researchers at Lookout, who discovered the spyware, called Hermit, and warned users about it.
Hermit is alleged to have been created by RCS Lab, an Italian software development company, and was initially used by state-sponsored actors to target specific individuals in Italy and Kazakhstan.
Extremely powerful malware
The malware is extremely capable. Once installed on a device it contacts its command and control (C2) server and downloads a number of modules, including a call logger, an audio recorder (both ambient audio and phone calls), a photo and video harvester, an SMS and email reader, and a location tracker.
Hermit runs on all versions of Android and can even root the device to gain further privileges.
However, the app has to be sideloaded onto the device: it is not distributed through Google Play and cannot be found there. Instead, victims are lured into downloading it via phishing SMS messages and, according to TechCrunch, the attackers worked with the victims' mobile carriers to pressure them into installing the app, for example by cutting their data connectivity and then offering the app as the way to restore it. In practice this means that users who only install apps from Google Play and never follow an SMS link to install an APK are not exposed through this delivery vector.
Now that Hermit's existence has been confirmed, Google has begun reaching out to victims to warn them that they are being targeted. There is no word on how many people are affected, but given the cost and capability of this kind of tooling, it is reasonable to assume only a handful of high-profile individuals, most likely politicians, journalists and civil rights activists.
Google has also analyzed a version of the malware built for Apple devices. It reports that this variant abused a certificate issued under Apple's Enterprise Developer Program so the app could be sideloaded outside the App Store, and that it carried six exploits, two of which were zero-days at the time they were found. According to the report, Apple is already working on a fix for one of them.