Google says modular spyware known as Hermit is currently targeting victims in Italy and Kazakhstan and has the potential to spread. According to the company, the spyware comes from Italian surveillance firm RCS Labs. It is deployed through applications and is affecting users on both Android and iOS.
The Google Threat Analysis Group (TAG) warned customers in a blog post published last week. According to the company, the Hermit spyware can be used not only to steal data but also to record and make calls without the victim’s permission.
An attack starts with a unique link to applications that mimic legitimate apps but are loaded with sophisticated spyware. If a user falls for the ploy and installs the fake app, the Hermit spyware is installed and starts stealing data.
Google makes it clear that none of the fake apps is currently on Apple’s App Store or Google’s own Play Store. However, users are still at risk because the apps are targeting them directly and may also be available on less secure third-party app stores.
TAG says that the spyware capabilities come from RCS Labs, a controversial surveillance software vendor. The company has been linked to other spyware activity in the past.
“We are detailing capabilities we attribute to RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors, to target mobile users on both iOS and Android,” a Google TAG spokesperson told Threatpost.
Researchers with TAG say all the attacks they tracked started with the unique link that is sent to individual users. These links are sent through WhatsApp.
While the attacks are currently limited to two markets, Google says there is nothing to stop the spyware from spreading across borders into other countries.