BIG BROTHER: Lookout Threat Labs uncover widespread deployment of Surveillanceware

Lookout Threat Labs uncover widespread deployment of Hermit Surveillanceware
Posted By Iain Fraser - Cybersecurity Journalist

Researchers at Lookout Threat Labs have uncovered several instances of the deployment of Hermit, an enterprise-grade Android Surveillanceware, including by the government of Kazakhstan, and this isn't the first time Hermit has been deployed.

Lookout have reported that they were aware that the Italian authorities deployed "Hermit" in an anti-corruption operation in 2019. They have also found evidence suggesting that an unknown actor used it in north-eastern Syria, a predominantly Kurdish region that has been the setting of numerous regional conflicts. 

Lookout Threat Labs had already been monitoring this threat for a while using Lookout Endpoint Detection and Response (EDR); however, these latest samples were detected in April 2022, four months after nationwide protests against government policies were violently suppressed.

Based on their analysis, the spyware, named “Hermit”, was likely developed by Italian spyware vendor RCS Lab S.p.A and Tykelab Srl, a telecommunications solutions company that Lookout suspects is operating as a front company for the original developers.

RCS Lab is a known developer that has been active over the last thirty years, operating in the same arena as Pegasus developer NSO Group Technologies and Gamma Group. These types of Surveillanceware are deemed legal intercept technologies; however, the companies named here all claim that they only sell to recognised governments, the intelligence community and, of course, law enforcement.

Cyber Knowledgebase - What is Hermit?


Named after a distinct server path used by the attacker’s command and control (C2), Hermit is a modular Surveillanceware that hides its malicious capabilities in packages downloaded after it’s deployed.

These modules, along with the permissions the core apps have, enable Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.

It is thought that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analysed impersonated the applications of telecommunications companies or smartphone manufacturers. Hermit tricks users by serving up the legitimate webpages of the brands it impersonates while it kickstarts malicious activities in the background. There is also an iOS version of Hermit, but to date no independent analysis has been conducted.

About Lookout Threat Labs
Pushing the Boundaries of Cybersecurity

Lookout Threat Labs is an integrated endpoint-to-cloud security company. Our mission is to secure and empower our digital future in a privacy-focused world where mobility and cloud are essential to all we do for work and play.

We enable consumers and employees to protect their data, and to securely stay connected without violating their privacy and trust. Lookout is trusted by millions of consumers, the largest enterprises and government agencies, and partners such as AT&T, Verizon, Vodafone, Microsoft, Google, and Apple. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C.
