According to Lookout Threat Lab experts, Hermit is linked to the Italian spyware supplier RCS Lab and its front company Tykelab. The researchers’ analysis showed that Hermit was deployed in Kazakhstan and elsewhere, and that the government of Kazakhstan is behind all the espionage campaigns. This is the first time specialists have managed to detect an active mobile malware client from RCS Lab.
Lookout discovered Hermit in April 2022, when the malware tried to impersonate Oppo software. Experts managed to find and analyze 16 of the spyware's 25 composite modules.
“The composite modules, as well as the permissions that the main applications have, allow Hermit to record audio, make and redirect phone calls, as well as collect call log data, contacts, gallery, SMS messages, as well as receive information about the location of the device,” Lookout said in a statement. “The analyzed malware samples posed as applications of telecommunications companies or smartphone manufacturers. Hermit deceives users by opening legitimate brand web pages while launching malicious activity in the background.”