Google Warns Hackers Used ISPs to Get Hermit Spyware on Android and iOS

Deepak Gupta June 27, 2022
Updated 2022/06/27 at 7:55 AM

Attacks on Google and Apple smartphones are increasingly common and represent an important source of information. They happen on both Android and iOS and always without users noticing or knowing they are being targeted.

Google has now reported the latest case where hackers have targeted Android and iOS to install Hermit spyware. The strangest thing about this situation is that they had the help of ISPs to do so.




RCS Labs' Hermit has arrived on Android and iOS

It was Google itself who reported one of the more recent situations where Android and iOS were targeted in an attack so that the Hermit spyware was installed and then exploited. This one happened by focusing on users in Italy and Kazakhstan.

The strangest thing about this attack is that it was carried out by the Italian spyware vendor, RCS Labs. This group had already been identified by the Lookout security team, who linked him to Hermit. RCS Labs is dedicated to selling malware to governments and other entities to facilitate access to data on Android and iOS devices.

Google Android iOS Hermit RCS Labs

Attackers Used ISPs to Get This Attack

Lookout researchers believe that the Hermit has already been sent by the Kazakh government and Italian authorities. According to these findings, Google has identified victims in both countries and says it will notify affected users.

The Google team found that some attackers worked with ISPs to shut down a victim's mobile data to promote their scam. The attackers impersonated the victim's SMS operator and tricked users into believing that a malicious app solved their problem. If attackers couldn't work with an ISP, they presented themselves as messaging apps.

Google Android iOS Hermit RCS Labs

Google and Apple have already warned victims of this attack

Apps with Hermit have never been on Google Play or the Apple App Store. However, the attackers offered infected iOS apps by enrolling in Apple's Developer Enterprise Program. This allowed them to bypass the App Store verification process and obtain a certificate.

Apple has since revoked the accounts or certificates associated with this threat. In addition to notifying affected users, Google also sent a Google Play Protect update to all victims.

fbq('init', '1664527397186427'); // Insert your pixel ID here.
fbq('track', 'PageView');
(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); = id;
js.src = "//";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));

Share this Article
Leave a comment

Leave a Reply

Your email address will not be published.