Live
- India committed to world peace, security, says Yogi
- KTR demands cancellation of all agreements with Adani Group
- MVA united, will decide on CM post in Maha within a day
- Top pharma companies to invest Rs 5,260 cr, create 12,490 jobs in TG
- MIR Group to invest Rs 1500 cr in Mangalore SEZ
- Shivamogga farmers in panic after areca nut’s likely carcinogenic risk
- Union Minister tenders apology for remarks on Justice D’Cunha
- Indian value systems withstood many onslaughts: TG Guv
- Golden Chariot luxury train to resume operations from Dec 14
- Jain monk Shri 108 Jnaneshwar Muni attains samadhi at Devlapur
Just In
Explained: What is Hermit; how to protect yourself from it
Hans News Service | 2 July 2022 1:09 PM IST
x
Highlights
Hermit is new spyware that is more invasive and malicious than Pegasus. Government agencies are believed to have used it to target iPhone and Android devices in Italy and Kazakhstan.
While there are several unanswered questions about Pegasus spyware, new spyware has emerged that is wreaking even more havoc. Developed by an Italian vendor called RCS Lab, the new spyware called Hermit is believed to have targeted iPhone and Android users in Italy, Kazakhstan and, according to some sources, Syria as well.
Hermit is actually much more dangerous than Pegasus. Hermit is part of a sophisticated malware attack that is being actively used in the wild. Attackers are using zero-day or yet-to-be-patched vulnerabilities and a host of other dangerous exploits in Android and iOS code to deploy malware that can take control of someone's iOS or Android device.
When implemented correctly, Hermit can launch a sophisticated attack that could fool just about anyone. One tactic attackers have employed, according to Google's Threat Analysis Group or TAG, is to work with the target's ISP to disable the target's mobile data connectivity and send them a malicious link via SMS to regain connectivity, which then installs a data mining and data collection malware.
At this time, it is unclear whether ISPs in the affected areas were actively involved in facilitating these attacks or were compromised to carry them out. In any case, things are not looking for ISPs in the affected areas.
Another tactic was to send links to deceptive and convincing versions of popular apps like Facebook and Instagram which, again, resulted in the target's phone being infected.
When infected, an attacker can deploy more malware that is difficult or impossible to detect or remove. Furthermore, this malware can literally do anything: spy on your phone conversations, read your messages including bank OTPs, access your camera and microphones, etc. And yes, a malicious actor can even place things on his device.
With Pegasus, at least we had the certainty that spyware was only used by government agencies and law enforcement. There was no evidence to suggest that third parties or independent actors had access to it. That is not the case with Hermit. There are cases where criminals and other malicious parties have been reported to use Hermit to attack certain individuals.
As tricky as things are with the Hermit, there are some basic safety precautions that can go a long way. Follow them and you may never be affected by such spyware and malware.
Keep your device software and apps up to date. Make sure to install all security updates right away.
Never click on a suspicious link that you received in an SMS, even if it is from your service providers, Google, Facebook or any other service you may be using.
Always install the apps you need from an authorized app store. Never allow any other app to download and install another app.
Reboot your device daily. That way, if something suspicious happens, you'll be able to see clear evidence of it.
Use third-party browsers like DuckDuckGo and Vivaldi instead of any bundled browser.
Next Story
More Stories
ADVERTISEMENT
© 2024 Hyderabad Media House Limited/The Hans India. All rights reserved. Powered by hocalwire.com