June 23 – In April, after nationwide protests against government policies were suppressed in Kazakhstan, researchers uncovered enterprise-grade Android surveillanceware in use by the Kazakhstan government. A government entity ostensibly used brand impersonation to deceive victims into downloading the surveillanceware.
Researchers believe that the surveillanceware, dubbed “Hermit,” was likely developed by an Italian spyware vendor and a telecommunications solutions company that may function as a ‘front’ company.
This isn’t the Hermit surveillanceware’s first appearance. In 2019, Italian authorities used the spyware in an anti-corruption operation. Researchers have also observed evidence of its use by persons in northeastern Syria, in a predominantly Kurdish region that has seen political strife.
The Hermit spyware maker, RCS Lab, operates in the same market space as the Pegasus spyware developer, NSO Group. Both companies are considered “lawful intercept” enterprises, and purportedly only offer their wares to customers with legitimate use for surveillanceware. ‘Legitimate use’ refers to intelligence and law enforcement agencies.
25 different functions
The Hermit spyware itself was built modularly, enabling its owners to deploy or ignore its 25 different components as they choose. All 25 components serve different functions. In turn, this means that any given instance of Hermit deployment might differ from a subsequent deployment.
Hermit spyware enables owners to record audio, make and redirect calls, and collect the data that resides on victims’ phones. More niche, technical functions also exist. For example, a hash-based message authentication option may enable the admissibility of collected evidence.
For further information about the Hermit surveillanceware, visit ThreatPost.com.