Hermit (spyware)

Hermit is spyware developed by the Italian commercial spyware vendor RCS Lab that can be covertly installed on mobile phones running iOS and Android. Its use was publicized by Google's Threat Analysis Group (TAG) on June 23, 2022, and had previously been disclosed by the security research group Lookout.

Details
According to Lookout, RCS Lab sells spyware to government agencies and is in the same business as NSO Group, which gained notoriety for its Pegasus spyware. Lookout believes Hermit has been deployed by the governments of Kazakhstan and Italy. Similar to Pegasus, Hermit is capable of tracking calls, tracking location, reading text messages, accessing photos, recording audio, making and intercepting phone calls, and gaining root access on Android devices. Some attackers would pose as the victim's mobile carrier, sometimes with the carrier's assistance, to trick the victim into downloading an app that would deliver the payload. Another vector was an app posing as a legitimate messaging app. While apps containing the spyware were not made available on the iOS App Store or the Google Play Store, malicious actors were able to obtain certificates through Apple's Developer Enterprise Program that allowed installation on any iOS device. Once Hermit was publicized, Apple said it had revoked the certificates related to it, and Google said it had pushed Google Play Protect updates to all users.