The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.
Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls.
Researchers from Google Threat Analysis Group (TAG) revealed details in a blog post Thursday by TAG researchers Benoit Sevens and Clement Lecigne about campaigns that send a unique link to targets to fake apps impersonating legitimate ones to try to get them to download and install the spyware. None of the fake apps were found on either Apple’s or Google’s respective mobile app stores, however, they said.
TAG is attributing the capabilities to notorious surveillance software vendor RCS Labs, which previously was linked to spyware activity employed by an agent of the Kazakhstan government against domestic targets, and identified by Lookout research.
“We are detailing capabilities we attribute to RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors, to target mobile users on both iOS and Android,” a