Watch out! A malware threat targets both Android and iOS devices. Lookout, the security company that first discovered it, called it Hermit spyware, which is a bit of a misnomer. Why? Well, it’s far from reclusive. It is designed to be pushy, hijacking phones and causing damage to devices.
According to Google’s Threat Analysis Group (TAG), the malicious actors behind the Hermit spyware attack seem to have their sights on users in Italy and Kazakhstan – for now. To hinder its spread, we’ll show you how Hermit spyware manifests itself so you can spot it from miles away.
Hermit Spyware: How It Starts Its Attack
Lookout and TAG claim that the malicious team behind Hermit spyware is Italy-based spyware vendor RCS Labs. Get this! In some cases, the bad actors even worked with Internet Service Providers (ISPs) to disable victims’ mobile data. The hackers would then impersonate mobile carriers and send text messages with malicious links, convincing targets that clicking them would help restore their internet connection.
That is, of course, far from true. Once the victim unknowingly downloads the malicious software, the attackers can gain access to the victim’s location, photos, call details, and text messages. To make matters worse, the hackers can intercept (and make) phone calls. They can also record audio using the victim’s device.
In situations where ISPs are not involved, TAG says that Hermit spyware masquerades as a messaging app instead (e.g. WhatsApp).
Recognizing Hermit Spyware
To arm you with knowledge of how Hermit spyware manifests itself, TAG posted a screenshot showing, in part, how the spyware lures victims into its dangerous hideout.
“The page, in Italian, asks the user to install one of these [messaging] apps to recover their accounts,” TAG said of the screenshot. “If we look at the page’s code, we can see that only the WhatsApp download links point to attacker-controlled content for Android and iOS users.”
Finally, if you receive a weird text message after your mobile data has been unexpectedly disabled, it could be a hacker masquerading as a trusted entity. And of course, if you come across a page similar to the screenshot posted above, don’t fall for it. If you do, your device may be in serious danger.
If you’re wondering what Apple and Google are doing to combat this nasty bug, according to The Verge, Apple has revoked all known Hermit accounts and certificates. As for Google, it has pushed a Google Play Protect update to all users.