The Threat Analysis Group (TAG) of Google released a study on spyware operations aimed at Android and iOS users on Thursday as part of the company’s attempts to monitor the activity of commercial spyware suppliers.
The usage of “Hermit,” a commercial-grade spyware program, is discussed in detail by Google TAG researchers Benoit Sevens and Clement Lecigne. Attackers are able to make phone calls, steal data, and access private messages thanks to this sophisticated spyware technology. The Italian-based commercial spyware vendor RCS Labs is credited by TAG researchers with creating Hermit in their investigation.
There are numerous serious risks with hermit. Hermit’s modular design makes it very adaptable, enabling users to change the spyware’s features as they see fit. Attackers can gather private data including call history, contacts, images, SMS messages, and exact location after they have gained full access to a target phone.
The whole research by Sevens and Lecigne describes how drive-by attacks and cunning ploys can be used by attackers to get access to both Android and iOS devices. Before delivering a malicious link through text to convince potential victims to “repair” the problem, the ISP carrier will disable the potential victims’ data. If that fails, targets will be persuaded to download malicious apps that pose as messaging apps.
