Apple and Google Fix ‘Hermit’ Spyware Found on iPhone and Android Phones
Apple and Google have both confirmed that government-grade spyware ‘Hermit’ has infiltrated an unknown number of iOS and Android devices, TechCrunch reports.
Security research firm Lookout found Hermit to be the work of Italian software house RCS Labs.
The spyware uses various modules, which it downloads from its command and control servers as they are needed, to collect call logs, record ambient audio, redirect phone calls and collect photos, messages, emails and the device’s precise location from a victim’s device.
Google and Lookout were able to confirm governmental use of the spyware in Kazakhstan and Italy. Lookout said Hermit has also been spotted infecting devices in northern Syria.
Hermit primarily affects Android devices and is known to work on all Android versions. However, Google also analyzed a sample of the spyware targeting iPhones.
According to Lookout, Hermit penetrates devices by tricking owners into downloading and installing the app through malicious links delivered by text. Hermit usually impersonates a legitimate-looking carrier or messaging app.
Android already allows users to install apps from outside Google’s Play Store. iOS, however, infamously doesn’t. To target iPhones, Hermit abuses Apple enterprise developer certificates that allow the spyware to be “sideloaded” onto the target device.
The iOS version of Hermit featured six different exploits, two of which used previously undiscovered vulnerabilities, or zero-days. Apple was already aware that one of these zero-day vulnerabilities was being actively exploited in the wild, and the vulnerabilities have since been fixed.
Google has updated Google Play Protect, Android’s app security scanner, to block the Hermit app from running and disabled the Firebase account the spyware was using. The company has also “notified the Android users of infected devices.”
Apple spokesperson Trevor Kincaid told TechCrunch that the iPhone maker has revoked all known accounts and certificates associated with or used by Hermit.
Neither company revealed exactly how many users were affected by Hermit or how much data was stolen.
This is far from Apple’s first brush with government-grade spyware. Israeli cybersecurity company NSO Group’s notorious Pegasus spyware has been used to spy on iPhones owned by journalists, minority groups, political personalities, and more in recent years.
Google’s Android OS, on the other hand, was found to be the victim of a massive spyware network siphoning data from 400,000 devices worldwide earlier this year.