Lookout blows whistle on Kazakhstan's use of malware


By Dylan Bushell-Embling
Wednesday, 22 June, 2022

Endpoint and cloud security company Lookout has discovered evidence of enterprise-grade Android surveillance malware being used by the Government of Kazakhstan within its borders.

The company’s researchers have also found evidence of deployment of the spyware in Italy and north-eastern Syria.

The spyware, which Lookout researchers have named Hermit, appears to have been developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company that may be operating as a front company.

Hermit is a modular spyware that hides its malicious capabilities in packages downloaded after it has been deployed. The spyware has 25 known modules.

The 16 modules researched by Lookout enable Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages.

Lookout Threat Intelligence Researcher Justin Albrecht said the discovery provides an in-depth look into a spyware vendor’s activities and how sophisticated app-based spyware operates.

“Based on how customisable Hermit is, including its anti-analysis capabilities and even the way it carefully handles data, it’s clear that this is well-developed tooling designed to provide surveillance capabilities to nation-state customers,” he said.

“What’s also interesting is that we were able to confirm Kazakhstan as a probable current customer of RCS Lab. It’s not often that you are able to identify a spyware vendor’s clientele.”
