This Android malware is so dangerous, even Google is worried

An abstract image of digital security.
(Image credit: Shutterstock) (Image credit: Shutterstock)

Google has confirmed reports of the existence of an extremely potent Android malware, and notified victims that they’re being targeted.

In a blog post, Benoit Sevens, and Clement Lecigne of the company’s Threat Analysis Group said cybersecurity researchers from Lookout were right when they discovered, and warned users, of the existence of a dangerous Android virus called Hermit.

Hermit is allegedly built by an Italian software development company RCS Lab, and was initally used by state-sponsored actors to target certain individuals both in Italy and in Kazakhstan. 

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Extremely potent malware

The malware is extremely potent, and once installed on the device, can reach out to its command & control (C2) server to pick up numerous modules, including call loggers, audio recorders (both ambient and phone calls), photo and video harvesters, SMS and email readers, and location trackers. 

Hermit works on all versions of Android, and is even capable of rooting the device to grant itself even more privileges.

Still, the app needs to be downloaded onto the device. That can’t be done via Google’s official Android repository, because it can’t be found there. Instead, the victims are lured into downloading the app via phishing SMS messages and according to TechCrunch, the attackers worked with the victims’ telecommunications providers to force them into downloading the app.

Now, as the existence of Hermit is confirmed, Google started reaching out to victims to warn them that they’re being targeted. No word on the number of people in question, but given the potential of the malware, we can assume it’s only a handful of high-profile individuals, possibly politicians, journalists, and civil rights activists. 

Google has also obtained a version of the malware designed for Apple devices, and said it abuses the company’s enterprise developer certificate to allow the app to be sideloaded. It leveraged six new exploits, two of which are zero-days. Apple is already working on a fix for one of them.

Via: Tech Crunch

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Spyware
Government-linked Italian spyware maker caught distributing malicious Android apps
Android phone malware
This nasty Android malware is posing as the Telegram Premium app
malware
Google warns of legit VPN apps being used to infect devices with malware
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
Android phone malware
BADBOX malware hits 30,000 Android devices - make sure you update now
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Ray-Ban smart glasses with the Cpperni logo, an LED array, and a MacBook Air with M4 next to ecah other.
ICYMI: the week's 7 biggest tech stories from Twitter's massive outage to iRobot's impressive new Roombas
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight