Everyone has heard about spyware named Pegasus. It is used by various government and non-government organisations to keep surveillance of their citizens. Now, a group of researchers in a mobile service company named Lookout has made a startling revelation. According to a report released by Lookout threat labs, spyware named Hermit, which is supposedly more powerful than Pegasus, is now used by governments to snoop upon their citizens.

Detected first in Kazakhstan in April 2022, and also in Italy and Syria, researchers claim it is one of the most dangerous and powerful spyware. A few months ago, there were reports of how the Kazakhstan government suppressed political protests in the country.  It is believed that this spyware was used to suppress the anti-government protest in the country.

Engineers Paul Shunk and Justin Albrecht wrote on a blog post from Lookout that this spyware collects data from the device of attack used. The data includes call logs, audio recordings, images saved on the device, emails, location etc. While everyone’s spyware does these kinds of activities, what makes Hermit different is its ability to root the phone.

Hermit, was developed by an Italian spyware vendor named RCS Lab and Tyke lab

Hermit can use files in the command and control server to break devices’ protection. Once protection is gone, the spyware will have unlimited access to any kind of data stored in the device. Since user interaction is not necessary for this to happen, victims won’t even know what is happening.

Paul Shunk after analysing the samples of spyware concluded that Hermit can update/modify itself to any kind of operating system it is planted in. Even though Look Out got access to the android version of spyware, researchers believe, a similar version of spyware might be present in the iOS phone also.

How does it attack devices?

Reports suggest that this spyware is planted into a device in similar ways to other viruses. The spyware is inserted into a device when the user clicks any links or opens any messages such as text or images. The message would appear to have come from any trusted brands or stores, such as Samsung or Oppo. Without understanding the danger behind it, the user goes on to open the file and click the link, which immediately gets spyware downloaded to the device.

According to Lookout, this specific spyware, Hermit, was developed by an Italian spyware vendor named RCS Lab and Tyke lab.  Both are companies which provide telecom solutions to different actors in society. No comments have been made by any person related to these companies.

Earlier in 2015, an independent news agency, Wikileaks, had released leaked documents related to RCS Labs. According to WikiLeaks, RCS Lab was a reseller for Memento Labs. Memento Labs is another company which focuses on the internet and cyberspace. Lookout believes that RCS Labs and Tyke Lab are frontal companies for Memento Labs.

According to emails accessed by WikiLeaks, RCS Labs provided technological products related to hacking and snooping to investigative and security agencies in  Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar, and Turkmenistan.

How to keep your devices safe from these attacks?
  1. Update your devices connected to the internet regularly
  2. Avoid messages from unknown sources
  3. Avoid clicking links from unknown sources
  4. Do not install unknown apps
  5. Keep your apps updated and uninstall unknown apps and files