![\"\"](\"\/\/www.iser-br.com\/Themes\/Release\/images\/responsive\/ettelecom-default.jpg\")
New Delhi: Cyber-security researchers have unearthed a new enterprise-grade Android spyware<\/a> called 'Hermit<\/a>' that is being used by the governments via SMS messages to target high-profile people like business executives, human rights activists, journalists, academics and government officials.
The team at cyber-security company Lookout Threat Lab uncovered the 'surveillanceware<\/a>' that was used by the government of Kazakhstan in April, four months after nationwide protests against government policies were violently suppressed.
\"Based on our analysis, the spyware, which we named 'Hermit' is likely developed by Italian spyware vendor RCS Lab<\/a> and Tykelab Srl, a telecommunications solutions company we suspect to be operating as a front company,\" the researchers said in a blog post.
This isn't the first time Hermit has been deployed.
Italian authorities used it in an anti-corruption operation in 2019.
\"We also found evidence suggesting that an unknown actor used it in northeastern Syria, a predominantly Kurdish region that has been the setting of numerous regional conflicts,\" the team noted.
RCS Lab, a known developer that has been active for over three decades, operates in the same market as Pegasus<\/a> developer NSO Group<\/a> Technologies and Gamma Group, which created FinFisher<\/a>.
RCS Lab has engaged with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar and Turkmenistan.
Collectively branded as \"lawful intercept\" companies, they claim to only sell to customers with legitimate use for surveillanceware, such as intelligence and law enforcement agencies.
\"In reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials,\" the researchers warned.
Hermit is a modular spyware that hides its malicious capabilities in packages downloaded after it's deployed.
These modules, along with the permissions the core apps have, enable Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.
\"We theorise that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analysed impersonated the applications of telecommunications companies or smartphone manufacturers,\" said the Lookout team.
Hermit tricks users by serving up the legitimate webpages of the brands it impersonates as it kickstarts malicious activities in the background.
The researchers said they are also aware of an iOS version of Hermit<\/a> \"but were unable to obtain a sample for analysis\".
According to leaked documents published in WikiLeaks, RCS Lab was a reseller for another Italian spyware vendor HackingTeam, now known as Memento Labs, as early as 2012.
Hermit is a highly configurable spyware with enterprise-grade capabilities to collect and transmit data.
The spyware also attempts to maintain data integrity of collected aevidence' by sending a hash-based message authentication code (HMAC).
\"In a sense, electronic surveillance tools are not that different from any other type of weaponry. Just this month, faced with financial pressure, CEO of the NSO group Shalev Hulio opened up the possibility of selling to 'risky' clients,\" said the researchers.
Pegasus was developed by the Israeli cyber company NSO Group that can be covertly installed on mobile phones and other devices.
It was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device's microphone and camera, and harvesting information from apps.
The spyware has been used for surveillance of activists, journalists and political leaders from several nations around the world, including in India.
The Supreme Court-appointed technical committee last month informed the court that it would submit the Pegasus probe report soon.
The committee informed the top court that 29 mobile devices have been examined.
The Supreme Court gave more time to the technical committee to finalise and submit its report.
<\/body>","next_sibling":[{"msid":92292471,"title":"Anti-Agnipath protests: Mobile internet, SMS suspended in Faridabad's Ballabgarh as precautionary measure","entity_type":"ARTICLE","link":"\/news\/anti-agnipath-protests-mobile-internet-sms-suspended-in-faridabads-ballabgarh-as-precautionary-measure\/92292471","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":92296317,"entity_type":"ARTICLE","title":"Forget Pegasus, new spyware 'Hermit' now being used by govts","synopsis":"The team at cyber-security company Lookout Threat Lab uncovered the 'surveillanceware' that was used by the government of Kazakhstan in April, four months after nationwide protests against government policies were violently suppressed.","titleseo":"telecomnews\/forget-pegasus-new-spyware-hermit-now-being-used-by-govts","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":183,"shares":0,"engagementtimems":782000},"Alttitle":{"minfo":""},"artag":"IANS","artdate":"2022-06-18 11:40:18","lastupd":"2022-06-18 12:04:22","breadcrumbTags":["hermit","internet","rcs lab","finfisher","nso group","pegasus","pegasus spyware","surveillanceware","spyware","iOS version of Hermit"],"secinfo":{"seolocation":"telecomnews\/forget-pegasus-new-spyware-hermit-now-being-used-by-govts"}}" data-authors="[" "]" data-category-name="" data-category_id="" data-date="2022-06-18" data-index="article_1">
- Telecom乐动扑克News
- 3分钟阅读
忘记飞马,新的间谍软件“隐士”现在被政府使用
威胁网络安全公司注意实验室研究团队发现的“surveillanceware”使用的哈萨克斯坦政府今年4月,四个月后全国抗议政府政策被残忍的镇压。
读到
新德里:网络安全研究人员发现了一个新的企业级Android间谍软件名为“隐士”,被政府高调的人喜欢通过短信向目标企业高管,人权活动家、记者、学者和政府官员。
在网络安全公司团队注意实验室发现的威胁surveillanceware”,被哈萨克斯坦政府今年4月,四个月后全国抗议政府政策被残忍的镇压。
“基于我们的分析,间谍软件,我们叫“隐士”可能是由意大利间谍软件供应商RCS实验室电信解决方案公司和Tykelab Srl我们怀疑操作前公司,”研究人员在一篇博客文章中说。
这不是第一次部署了隐士。
意大利当局使用它在2019年的反腐行动。
“我们还发现证据表明叙利亚东北部的一个不知名的演员用它,一个主要的库尔德地区,许多地区冲突的设置,”研究小组指出。
RCS实验室,一个已知的开发者已经活跃在过去的三十年中,在相同的市场运营珀加索斯开发人员NSO集团技术和γ集团创建有鳍鱼。
RCS实验室与巴基斯坦军方和情报机构,智利、蒙古、孟加拉国、越南、缅甸和土库曼斯坦。
集体品牌为“合法拦截”公司,他们声称只卖为surveillanceware客户提供合法使用,如情报和执法机构。
“在现实中,这样的工具经常被滥用在国家安全的幌子下监视企业高管,人权活动家、记者、学者和政府官员,”研究人员警告说。
隐士是一个模块化的间谍软件,隐藏的恶意功能包下载后的部署。
这些模块和核心应用程序的权限,使隐士利用的设备,记录音频和重定向的电话,以及收集数据,如通话记录、联系人、照片、设备位置和短信。
“我们建立理论,间谍软件分布通过短信假装来自合法来源。电信公司的恶意软件样本分析模仿应用或智能手机制造商,”注意团队说。
隐士技巧用户提供合法网页它模仿的品牌,因为它在后台启动恶意活动。
研究人员说他们也意识到的iOS版本的隐士“但无法获得一个样本分析”。
根据发表在维基解密泄露的文件,RCS实验室是另一个意大利间谍软件供应商汉铿团队的经销商,现在被称为纪念品实验室,早在2012年。
隐士是一个高度可配置的间谍软件和企业级功能收集和传输数据。
间谍软件也试图维护数据完整性的收集aevidence通过发送一个基于散列的消息验证码(HMAC)。
“从某种意义上说,电子监视工具并不不同于任何其他类型的武器。就在本月,面对财政压力,太阳集团的首席执行官她Hulio开放销售“高风险”客户的可能性,”研究人员说。
飞马是由以色列网络公司太阳集团可以秘密安装在手机和其他设备。
能够阅读短信,电话跟踪,收集密码、位置跟踪、访问目标设备的麦克风和摄像头,和收获来自应用程序的信息。
间谍软件被用于监视的活动家、记者和政治领导人来自世界各地的几个国家,包括印度。
最高法院指定的技术委员会上个月通知法院,它将很快提交飞马调查报告。
委员会通知最高法院29日移动设备已被确认。
最高法院把更多的时间给了技术委员会来完成和提交报告。
评论
现在评论 阅读评论(1)所有评论
找到这个评论进攻?
下面选择你的理由并单击submit按钮。这将提醒我们的版主采取行动