Threats to cybersecurity on different scales are nothing new, but instances of spyware, malware, and ransomware have been rising steadily. A new piece of spyware was recently discovered, and it is said to be designed specifically to penetrate Android devices.
A watchdog in Kazakhstan recently raised the alarm that the country's citizens were being attacked with this spyware. Lookout Threat Lab later confirmed this in its research report.
The spyware is said to be able to compromise and run through a program known as Hermit. It is also said to have strong connections with a spyware provider based in Italy, known as RCS Lab. In addition, the report identifies Tykelab as the spyware's front company.
Further research showed that the spyware had been successfully deployed across several regions in Kazakhstan. It was even thought that a whole government organization was behind the attacks.
The spyware was reportedly detected in April 2022, when it was seen attempting to copy the Chinese electronics brand Oppo. As a result, around 16 of the malware's modules were analyzed.
According to research on Hermit, certain modules and the permissions granted to the app can be used to exploit Android devices. Such activities may include executing vital functions, such as recording video and audio while calls are being redirected. Malware in general can also collect and store large quantities of data, which may include locations, contacts, images, call logs, and other details.
A collected sample of the malware was analyzed. It was able to impersonate apps released by established tech companies, and even apps pre-installed by phone makers.
The question is how Hermit carries out such illicit activities without being noticed. The answer is that it does so in a way that does not arouse suspicion. The malware displays legitimate web pages that belong to the well-known brands it copies. While these pages are shown, the malware starts its illegal activities in secret.
Other records also show that Hermit has a shady background. In 2019, Italian authorities used it in certain anti-corruption campaigns. Other reports mention that the spyware was also at work in certain conflicts in regions of Syria.
The associated spyware provider, RCS Lab, is not a new group. It has been in business for 30 years.