Hermit, Pegasus-Like Spyware Targets Android, iOS Devices: What Is It?


Hermit, the latest sophisticated spyware has surfaced online and is believed to have targeted iPhones and Android devices in Kazakhstan and Italy. The spyware was developed by an Italian vendor RCS Lab. This spyware comes on the lines of Pegasus by NSO Group and can be deployed on a phone to control and track data from major applications.

Hermit, Pegasus-Like Spyware Targets Android, iOS Devices: What Is It?

The Hermit spyware was reported by the researchers at Lookout, a San Francisco-based cybersecurity firm. Now, the Hermit spyware has been explained in detail by Google's Threat Analysis Group (TAG). Let's take a look at the explanation from here.

What Is Hermit? What Does It Do?

Hermit is a spyware, which comes on the lines of Pegasus. Once it is installed on Android or iOS devices, it can record audio on the device and perform unauthorized activities and calls. As per the report, the spyware can steal stored details such as account emails, browser bookmarks, contacts, calendar events, etc. Also, it can take pictures on the device, and steal kernel information, application details, device information, model number, phone numbers, security patches and more.

Hermit is capable of downloading and installing APK as well on the compromised device. It can upload files from the device, take pictures of the screen and read notifications. The spyware can also get root access or privileged access to the Android system. Moreover, it can silently install or uninstall WhatsApp and Telegram and steal data from the installed apps.

How Does Hermit Affect Devices?

Similar to Pegasus, Hermit does not involve simple operations. Unlike normal malware that targets regular users, Hermit involves complicated operations. As per Google's TAG team, the campaigns started with a unique link that will be sent to the victim's device. When this link is clicked, it will install the app on both Android and iOS.


As per Google, they believe that those targeting the victims had to work with the target's ISP to disable the mobile data connectivity. It notes that attackers will send the malicious link via SMS to access the data of the victims. This could be the reason for most applications to masquerade as mobile carrier applications.

Hermit, Pegasus-Like Spyware Targets Android, iOS Devices: What Is It?

As per Lookout, the attacks in Kazakhstan are shown in the form of pages of Samsung, Oppo, and Vivo among other well-known phone brands. Their research shows that RCS Lab has worked with Tykelab Srl, a telecom solutions company. It is likely a front company for RCS Lab and their blog post claims to show some links between these two.

When it comes to Apple, the research revealed that the spyware exploited Apple's Enterprise Certificate, which is awarded to apps by select enterprises. It will let companies distribute their in-house apps for direct download on iOS devices after bypassing the App Store. Notably, the Hermit app has managed to obtain the certificates that were revoked by Apple later on.

How To Stay Protected?

Mobile devices are perfect targets and users should continue to follow basic tips to make sure they update their phones regularly and each update includes a security patch to keep unknown vulnerabilities at the bay. It is also important to stay away from clicking unknown links and is recommended to review the apps installed on the device periodically.

Best Mobiles in India

Read More About: news smartphones

Best Phones

Get Instant News Updates
Notification Settings X
Time Settings
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X