Lookout blows whistle on Kazakhstan's use of malware

By Dylan Bushell-Embling
Wednesday, 22 June, 2022

Lookout blows whistle on Kazakhstan's use of malware

Endpoint and cloud security company Lookout has discovered evidence of an enterprise-grade android surveillance malware being used by the Government of Kazakhstan within its borders.

The company’s researchers have also found evidence of deployment of the spyware in Italy and north-eastern Syria.

The spyware, which Lookout researchers have named Hermit, appears to have been developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company that may be operating as a front company.

Hermit is a modular spyware that hides its malicious capabilities in packages downloaded after it has been deployed. The spyware has 25 known modules.

The 16 modules researched by Lookout enable Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.

Lookout Threat Intelligence Researcher Justin Albrecht said the discovery provides an in-depth look into a spyware vendor’s activities and how sophisticated app-based spyware operates.

“Based on how customisable Hermit is, including its anti-analysis capabilities and even the way it carefully handles data, it’s clear that this is well-developed tooling designed to provide surveillance capabilities to nation-state customers,” he said.

“What’s also interesting is that we were able to confirm Kazakhstan as a probable current customer of RCS Lab. It’s not often that you are able to identify a spyware vendor’s clientele.”

Image credit: ©stock.adobe.com/au/tippapatt

Related News

New tool makes websites more secure

An international team of researchers has developed a scanning tool to make websites less...

Proofpoint warns of "dangerous" Microsoft 365 function

Proofpoint has discovered a method of exploiting a function within Microsoft 365 that could allow...

Schneider, Claroty launch building security tool

Schneider Electric and Claroty have launched a joint solution providing a range of cyber-physical...

  • All content Copyright © 2022 Westwick-Farrow Pty Ltd