
This Android malware is so dangerous, even Google is worried

An abstract image of digital security.
(Image credit: Shutterstock)

Google has confirmed reports of the existence of an extremely potent Android malware, and has notified victims that they are being targeted.

In a blog post, Benoit Sevens and Clement Lecigne of the company's Threat Analysis Group said cybersecurity researchers from Lookout were right when they discovered, and warned users about, a dangerous Android virus called Hermit.

Hermit is allegedly built by the Italian software development company RCS Lab, and was initially used by state-sponsored actors to target certain individuals in both Italy and Kazakhstan.


Extremely potent malware

The malware is extremely potent: once installed on the device, it can reach out to its command and control (C2) server to pick up numerous modules, including call loggers, audio recorders (both ambient and phone calls), photo and video harvesters, SMS and email readers, and location trackers.

Hermit works on all versions of Android, and is even capable of rooting the device to grant itself even more privileges.

Still, the app needs to be downloaded onto the device, and that can't be done via Google's official Android app repository, because it isn't available there. Instead, victims are lured into downloading the app via phishing SMS messages, and according to TechCrunch, the attackers worked with the victims' telecommunications providers to push them into downloading the app.

Now that the existence of Hermit has been confirmed, Google has started reaching out to victims to warn them that they are being targeted. There is no word on the number of people affected, but given the capabilities of the malware, we can assume it is only a handful of high-profile individuals, possibly politicians, journalists, and civil rights activists.

Google has also obtained a version of the malware designed for Apple devices, and said it abuses the company's enterprise developer certificate to allow the app to be sideloaded. It leveraged six exploits, two of which are zero-days. Apple is already working on a fix for one of them.

Via: TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.