Apple to tackle hermit spyware

Arathi Nair
Arathi Nair July 2, 2022
Updated 2022/07/02 at 2:49 PM

According to a report, Apple has revoked certificates for the “Hermit” spyware that was used to attack iPhone and Android devices in Italy and Kazakhstan. Security company Lookout was the first to note the ubiquity of Hermit spyware; afterwards, Google’s Threat Analysis Group (TAG) also released a report on the subject. Authorities in Italy deployed Hermit in 2019, as per Lookout.

According to TAG’s study, Hermit, a program created by the Italian vendor RCS Lab, was used to target iOS and Android devices. Apple has said revoked all “known accounts and certificates associated with the spyware”.

The hackers sent a malicious link through text message to distribute the program outside of the App Store. When a victim unknowingly downloads malicious software, the bad guys have access to the victim’s location, photos, call logs, and text messages. Even worse, the hackers have the ability to listen in on phone conversations (and make them, too). They can use the victim’s gadget to record audio as well. Lookout said the spyware was likely distributed via “SMS messages pretending to come from a legitimate source.”


The research notes that while Apple only permits applications from the App Store to be loaded on a device, it does provide unique certificates for businesses to distribute their corporate apps.

The fact that the spyware app was revealed to be a real telecom or messenger app is what the hackers took advantage of Apple approved the enterprise certificate, so iOS devices may install it from sources other than the App Store. Apple revocation of the certificate means that hackers may no longer easily install spyware on the gadgets using the previous methods.

The Verge reports that Apple has invalidated all verified accounts and certificates connected to Hermit. If you’re wondering what Google and Apple are attempting to address this nasty problem, read on. Google updated Google Play Protect and sent it to all users.


For more such updates keep reading on

Share this Article