APPLE has announced plans to halt the spread of spyware attacking iOS devices.
Hermit – a sophisticated spyware app that can compromise both Android and iOS devices – has been quickly getting around.
What is ‘Hermit’ and what can it do?
Hermit was developed by Italian software company RCS.
Once it is installed on a device, it can do things like record audio, carry out calls, and conduct other unauthorized activities, per The Indian Express.
The spyware can steal stored emails, contacts, and text messages, and even browse your online searches.
It can even access your device’s camera to take pictures.
How is Hermit going around?
Hermit is being distributed outside of the App Store and Google Play through the sideload process.
Sideloading refers to media files being transferred to a mobile device via USB, Bluetooth, WiFi, and the like.
More specifically, bad actors have been sending an SMS message containing a malicious link to the app – this is known as phishing.
In Android cases, the attackers were likely disabling users’ mobile data connectivity beforehand, Google said.
And with iOS devices, the spyware exploited Apple’s enterprise certificate, per Google’s research.
Experts at 9to5mac 解释了: “Since Apple offers special certificates for companies to distribute enterprise apps to their employees outside of the App Store, RCS distributed its fake app to iOS users as an enterprise app.”
基本上, the spyware was masquerading as a legitimate app to bypass Apple’s requirements.
What is Apple doing to curb attacks?
Apple has now decided to revoke all certificates associated with the spyware.
This means that the malicious app can no longer be distributed outside of the App Store.
While this doesn’t completely protect iOS users from the threat, they are significantly less at risk.
How can I protect myself?
幸运的是, this spyware is not common and has mainly affected iPhone and Android users in Italy and Kazakhstan.
仍然, experts stress that it’s important to remain vigilant to protect yourself.
“The best advice for any smartphone user is to never click on unknown links and never install apps from a source you don’t know,” 9to5mac reported.
Users should also regularly update their phones and review apps on their devices.