Your smartphone remains an electronic device that should not be overlooked in the fight against online threats, especially against spyware such as Hermit. This is the name of the latest spyware uncovered by Lookout and the TAG. In particular, it can collect personal data such as call logs, geolocation, e-mails, messages and photos, as well as redirect certain messages and record sound in real time through the microphone of the victim’s smartphone. . All this, of course, is done without the knowledge of the infected, in line with Pegasus.
Hermit’s mode of operation is based on phishing. Indeed, everything starts from the reception of an SMS containing a link to download an application which allows the potential victim to reactivate his mobile data. In this, Lookout and Google believe that some Internet Service Providers (ISPs) worked hand in hand with the creators of Hermit. Otherwise, the hackers try to impersonate the mobile operator of the victim in order to encourage him to click on the malicious link and, despite himself, install the spyware on his device.
According to screenshots posted by TAG on his blog, with instructions in Italian, Hermit is also hiding in apps that can mimic a help desk from Meta or the Samsung app. However, the need to allow installation of the app from unknown publishers may have alerted some.