After PEGASUS, emergence of new Spyware Hermit

In order to target high-profile individuals, including business leaders, human rights activists, journalists, academics, and government officials via SMS messages, governments are using a new enterprise-grade Android spyware named "Hermit," which has been discovered by cyber-security researchers.

Hermit is a modular surveillanceware that hides its malicious capabilities in packages downloaded after it’s deployed. Researchers have uncovered enterprise-grade Android surveillanceware used by the government of Kazakhstan within its borders. Whereas NSO, had created the most lethal cyber weapon in the world, called Pegasus, the ultimate spyware, has always maintained the it was being sold only to governments. Pegasus was developed by the Israeli cyber company NSO Group that can be covertly installed on mobile phones and other devices. It was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device's microphone and camera, and harvesting information from apps.

The sale was under strict supervision of the Israeli government, as per the legal protocol and things have been running fine. There have been thick rumors of its misuse for quite some time and in lots of cases, it was becoming difficult to believe that it was being used only for the purposes, it was meant for or sold for. Currently, a committee is trying to unravel the truth behind it. While India waits with bated breath for the truth to come out, other such enquiries have already started spilling the beans. A special enquiry committee was launched in April 2022 to investigate alleged breaches of EU law. NSO admitted to the European Union lawmakers that the Pegasus tool was used by at least five countries of the region. Google has found strong evidence that enterprise-grade Android spyware called 'Hermit' is being used via SMS messages to target high-profile Android users. Hermit is a highly configurable spyware with enterprise-grade capabilities to collect and transmit data. The spyware also attempts to maintain data integrity of collected evidence by sending a hash-based message authentication code (HMAC).

As per the analysists, the spyware Hermit is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company we suspect to be operating as a front company," the researchers said in a blog post.

RCS Lab, a well-known developer with over three decades of experience, competes in the same market as Pegasus developer NSO Group Technologies and Gamma Group, which created FinFisher. RCS Lab has collaborated with military and intelligence organisations in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar, and Turkmenistan.

S Mohini Ratna, Editor, VARINDIA