Google says ISPs Could be Spreading new Spyware


Malicious spyware that could steal sensitive data from both Android and iOS users


Google has warned users of a sophisticated new spyware campaign that could be reaching user devices on both the Android and iOS platforms with the help of internet service providers (ISPs). The company said late last week that the new spyware could potentially steal sensitive data from users, though to date it has been detected only in Italy and Kazakhstan.

The company's Threat Analysis Group (TAG) shared its findings about an Italy-based spyware vendor that could have circulated the program, called Hermit, which was reportedly first deployed in 2019 as part of an internal anti-corruption operation.

Security research firm Lookout claims that the Italian company responsible for the malware markets itself as a "lawful intercept" business that only works with government agencies. However, after the Pegasus imbroglio, several commercial spyware companies are facing the heat for unlawfully targeting individuals.

Google says Hermit can affect both iOS and Android devices, and in some cases the malicious actors were also found to be working with the targets' ISPs to disable their data connections. Thereafter, they send a text message prompting the target to download the linked software in order to restore the connection.

The other option used by the threat actors is to disguise the spyware as a legitimate messaging app such as WhatsApp or Telegram and get users to download the malware onto their smartphones and other devices.

The Hermit malware can also gain additional capabilities by downloading modules from a command-and-control server, says Google, adding that Lookout had observed that some add-ons could potentially steal data from the calendar and address books, as well as images taken by the device's camera.

Google confirmed that Hermit did not enter the Play Store or App Store, but there is evidence that the malicious actors could distribute the spyware onto iOS by enrolling in Apple's Developer Enterprise Program. A report in The Verge quoted Apple as suggesting that it had since blocked accounts or certificates associated with the threat.

“These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,” the Google blog post said. “While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments for purposes antithetical to democratic values: targeting dissidents, journalists, human rights workers and opposition party politicians.”
