Google has confirmed reports of the existence of an extremely potent Android malware (opens in new tab), and notified victims that they’re being targeted.
In a blog post (opens in new tab), Benoit Sevens, and Clement Lecigne of the company’s Threat Analysis Group said cybersecurity researchers from Lookout were right when they discovered, and warned users, of the existence of a dangerous Android virus (opens in new tab) called Hermit.
Hermit is allegedly built by an Italian software development company RCS Lab, and was initally used by state-sponsored actors to target certain individuals both in Italy and in Kazakhstan.
Extremely potent malware
The malware (opens in new tab) is extremely potent, and once installed on the device, can reach out to its command & control (C2) server to pick up numerous modules, including call loggers, audio recorders (both ambient and phone calls), photo and video harvesters, SMS and email readers, and location trackers.
Hermit works on all versions of Android, and is even capable of rooting the device to grant itself even more privileges.
Still, the app needs to be downloaded onto the device. That can’t be done via Google’s official Android repository, because it can’t be found there. Instead, the victims are lured into downloading the app via phishing SMS messages and according to TechCrunch, the attackers worked with the victims’ telecommunications providers to force them into downloading the app.
Now, as the existence of Hermit is confirmed, Google started reaching out to victims to warn them that they’re being targeted. No word on the number of people in question, but given the potential of the malware, we can assume it’s only a handful of high-profile individuals, possibly politicians, journalists, and civil rights activists.
Google has also obtained a version of the malware designed for Apple devices, and said it abuses the company’s enterprise developer certificate to allow the app to be sideloaded. It leveraged six new exploits, two of which are zero-days (opens in new tab). Apple is already working on a fix for one of them.