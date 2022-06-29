Google through a joint investigation with the Lookout Threat Lab has released a global advisory related to a dangerous spyware that is being used by governments to steal information from mobiles. This has been named Hermit and it can already be considered a new Pegasus that attacks both iOS and Android alike.

This spyware has been allegedly developed by the Italian company RCS Lab, and made available to different intelligence agencies and also governments around the world. To this day it is known that he has acquired it both Italy as Kazakhstan.

The new Pegasus steals information in a sophisticated way

As Google has denounced through an article, the mode of action is really sophisticated. This makes the spyware can be camouflaged behind applications that at first glance may seem completely official. The official applications of Samsung, messaging and also of the operators that are installed to make common settings enter here.

The distribution is done through a simple SMS which seems to have a completely legitimate origin. But the problem is that the message is going to request to download a file in order to solve an internal failure of the device. In the end, what will be installed is this malicious application that will go unnoticed as it looks like a messaging app, an operator app, or the official Samsung app.





Once the malware is already installed on the device, it will be able to access everything it contains. But it should be noted that the application by itself does not include the attack tools. It acts as a simple gateway to download all the necessary exploits that will give it the necessary power to extract all the information that the attacker is interested in.

This is undoubtedly something really dangerous, since according to Google figures it has been possible to infect 10,000 devices a day in Europe. Because they go much further ally with the operators to be able to disconnect the target from the internet in order to more effectively make them fall into this trap. This is achieved by promising that by downloading a file it will return to normal. In this way you can check the many techniques that exist to infiltrate a mobile.

The coming months will surely see much more data being released about this spyware. Although only attacks have been detected in Italy and Kazakhstanthe fact that any government can access it makes it more than likely that its use will end up being extended, as is already the case with Pegasus.