How to identify hermit spyware before it hijacks your or your friend’s phone

This infection is quite bothersome for a hermit

Watch out! A malignant malware threat is targeting both Android and iOS devices. Lookout, the security firm that first discovered the bug, dubbed it Hermit spyware, which is a bit of a misnomer. Why? Well, it’s far from reclusive. It’s designed to be intrusive, hijacking phones and wreaking havoc on devices.

According to Google’s Threat Analysis Group (TAG), the malevolent actors behind the Hermit spyware attacks seemingly have their crosshairs on users in Italy and Kazakhstan — for now. To hamper its spread, we’ll show you how Hermit spyware manifests, so you can spot it from a mile away.

Hermit Spyware: How it launches its attack

Lookout and TAG allege that the malicious team behind Hermit spyware is Italy-based spyware vendor RCS Lab. Get this! In some cases, the bad actors actually worked with Internet Service Providers (ISPs) to turn off victims’ mobile data. The hackers would then pose as mobile carriers and send text messages with malicious links, convincing targets that clicking on them would help restore their internet connectivity.

Of course, that is far from true. Once the victim unwittingly downloads the malicious software, bad actors can gain access to the victim’s location, photos, call records and text messages. To make matters worse, the hackers can intercept phone calls (and make them, too). They can also record audio with the victim’s device.

In situations where ISPs are not involved, TAG says that Hermit spyware masquerades as a messaging app instead (e.g., WhatsApp). 

How to spot Hermit spyware

To arm you with knowledge on how Hermit spyware manifests, TAG posted a screenshot of how, in part, the malicious bug lures victims into its dangerous lair.

“The page, in Italian, asks the user to install one of these [messaging] applications in order to recover their account,” TAG said about the screenshot. “Looking at the code of the page, we can see that only the WhatsApp download links are pointing to attack-controlled content for Android and iOS users.”

To conclude, if you receive a fishy text after your mobile data unexpectedly turns off, it could be a hacker pretending to be a trusted entity. And of course, if you stumble upon a page similar to the screenshot posted above, don’t fall for it. If you do, your device may be in grave danger.

If you’re wondering what Apple and Google are doing to combat this mean bug, according to The Verge, Apple revoked all known accounts and certificates associated with Hermit. As for Google, it pushed a Google Play Protect update to all users.
