Apple Shuts Down Hermit Spyware Distributed as Fake Enterprise App on iOS Devices

Hermit spyware

Hermit spyware, attributed to an Italian company, targets both Android and iOS users. On iOS devices, attackers distributed the spyware outside of the App Store by posing as an enterprise app. Apple has revoked all the accounts and certificates associated with Hermit, effectively preventing further iOS infections.

Google Confirms the Existence of Hermit Spyware

Google’s Threat Analysis Group (TAG) confirmed the existence of Hermit, spyware that can compromise both Android and iOS devices. According to Google. RCS Labs, an Italian software company, created the spyware, Google reported. RCS Labs used a combination of tactics, including atypical drive-by downloads, as initial infection vectors to target iOS and Android users.

Attackers Distributes the Spyware Via Text Message

According to Google, the attackers distributes the spyware by sending a text message with a malicious link. The link attempts to convince iOS users to download and install the app on their devices. Thankfully, the App Store’s complex process made it a bit difficult to install the spyware outside of the App Store. However, Google noted it was still possible.

To bypass the App Store’s complex review and installation process, RCS Labs distributes a fake app to iOS users. The spyware poses as an enterprise app. The App Store gives out special certificates for companies so that they can distribute enterprise software to their employees outside the App Store. The fake enterprise app seemed like a legitimate telecom or messaging app.

Due to the enterprise delivery method, Apple is unable to review the app. The Cupertino-based company doesn’t review software installed outside of the App Store. The spyware will then exploit the user’s device in such ways as capturing audio from the microphone, redirecting phone calls, collecting photos, and more.

Both Google and the security research firm Lookout confirmed that the spyware successfully victimized users in Kazakhstan and Italy.

Apple Revokes Accounts and Certificates Associated with Hermit Spyware

An Apple spokesperson told TechCrunch that Cupertino has already revoked all known accounts and certificates associated with the Hermit spyware. Although it is not clear who the targets of the spyware are, it is suspected that the spyware is being used similar to the NSO Pegasus Software. Pegasus was used by governments as a surveillance tactic against journalists, activists, and political opponents.

One thought on “Apple Shuts Down Hermit Spyware Distributed as Fake Enterprise App on iOS Devices

  • Arnold:

    Thank heavens that the EU remains committed to loosening Apple’s control of the App Store and permitting users to side load apps from…wherever…you know, so that developers and users alike can get a break and finally be free of Apple’s tyranny over users’ private property. 

    And about the term that you’re using, ‘spyware’; why so pejorative? It makes state actors sound so unsavoury! A better term would be ‘non-consented, clandestine surveillance-ware’ or ‘NCS’ for short. Now, doesn’t that sound so much better? Give a state-sponsored spook a break, why don’t you?! 

    Besides, how else are authoritarian regimes and their sponsored cyber gangs supposed to make a living and keep, you know, benighted activists who believe in liberal democracies, and their allies, the free press, from mucking things up and getting their populations all riled up, eh? 

    Authoritarian surveillance states, you’ve got a friend in the EU. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.