While there are still several unanswered questions about the Pegasus spyware, new spyware is wreaking even more havoc. Developed by the Italian vendor RCS Lab, the new spyware Hermit is believed to have targeted both iPhone and Android users in Italy, Kazakhstan, and according to some sources, Syria.
From a technical standpoint, Hermit is way more dangerous than Pegasus was. Hermit is part of a sophisticated malware attack that’s actively used in the wild. Attackers use zero-day vulnerabilities, or vulnerabilities that haven’t yet been patched, and several other dangerous exploits in Android and iOS code to deploy malware that can take control of someone’s iOS or Android device.
When appropriately implemented, Hermit can launch a sophisticated attack that could fool nearly anyone. One tactic that the attackers have employed, as per Google’s Threat Analysis Group (TAG), is to work with the target’s ISP to disable the target’s mobile data connectivity and then send them a malicious link via SMS, supposedly to recover connectivity, which instead installs data-mining and data-collecting malware.
As of now, it is unclear whether ISPs in the afflicted areas actively participated in facilitating these attacks or were compromised to carry them out. In either case, things are not looking good for ISPs in afflicted regions.
Another tactic was sending links to convincing, rogue versions of popular apps such as Facebook and Instagram, which again resulted in the target’s phone being infected.
Once a device is infected, an attacker can deploy more malware that’s hard or impossible to detect or remove. Moreover, this malware can do anything: eavesdropping on your phone conversations, reading your messages and banking OTPs, accessing your camera and microphones, etc. And yes, a malicious actor can even plant stuff onto your device.
With Pegasus, we at least had an assurance that the spyware was used by government agencies and law enforcement agencies only. There was no evidence to suggest that third-party or independent actors had any access to it. That is not the case with Hermit. There are cases where it has been alleged that criminals and other malicious parties have used Hermit to target specific people.
In a statement, RCS Lab, the software development and security firm, has stated that it only works with governments, providing technological solutions and technical support to law enforcement agencies worldwide.
In an ideal world, it would mean that this malware is used only against criminals and terrorists; however, the Pegasus spyware case has shown us that governments around the globe have targeted journalists, political opponents, prominent lawmakers, and judges in their countries, and human rights activists, using malware such as Hermit.
As deceptive as things are with Hermit, some basic safety precautions can go a long way. Follow these religiously, and there is a good chance that you will never be afflicted by these kinds of spyware and malware.
- Keep your device’s software and apps updated. Ensure that you install all security updates promptly.
- Never click on a suspicious link you’ve received in an SMS, even if it is from your service provider, Google, Facebook, or any other service you might be using.
- Always install the apps you need from an authorized app store. Never let any other app download and install some other app.
- Reboot your device daily. That way, if there’s anything suspicious going on, you will see clear evidence of that.
- Use third-party browsers like DuckDuckGo and Vivaldi instead of any bundled browser.