Hacked code for Android exploit is online

If you stay on top of technology news, then you are probably aware of Italian firm Hacking Team’s recent troubles. Hacking Team sells a sophisticated surveillance suite to various government agencies around the world, providing those nations with the tools they require to perform cutting-edge espionage.

Three weeks ago, Hacking Team was compromised in a hack that cost it both the code for its malware and vast amounts of communications data. The stolen material (which was dumped on the net in classic Wikileaks style) has so far provided various insights into the inner workings of the firm’s surveillance suite, including the revelation that its software has had a backdoor into Bitcoin wallets since January of last year.

Hacking Team’s Android Hacking Exploits Continue

Further analysis of the code has now revealed that Hacking Team’s software also includes an Android hacking module so sophisticated that it is even able to infect mobile devices running the newer versions of Google’s Android platform.

Thankfully, the source code for Remote Control System Android, or RCSAndroid for short, will now give Google and other Android developers the opportunity to make future versions of the platform resistant to malware. On a slightly more troubling note, the source code for the most exceptional Android hacking tool on the planet is now floating around the Internet, waiting to be deployed by anybody who takes a fancy to it. Considering its capabilities and ease of use, that is quite worrying.

Security firm Trend Micro has recently published a blog post in which it mentions RCSAndroid’s troubling capabilities:

‘The RCSAndroid code can be considered one of the most professionally developed and sophisticated Android malware [titles] ever exposed. The leak of its code provides cybercriminals with a new weaponized resource for enhancing their surveillance operations.’

So, what is the malware capable of that is so alarming? Once the code has been successfully deployed to a mobile device, even an unskilled hacker has the tools to do just about anything:

  • Record location
  • Capture photos using front and back cameras
  • Collect contacts and messages from all the different messengers you can think of
  • Collect passwords for WiFi networks and all online accounts
  • Collect emails and texts and real-time phone calls
  • Use the microphone to record
  • Screenshot whatever is on the screen

Although the availability of the source code is new, the malware itself has been known about within the research community since last year, when Citizen Lab discovered that Hacking Team’s software was being deployed against Android users in Saudi Arabia. Trend Micro explains that it gets onto targeted devices in at least two known ways. The first method involves luring users to an infected website where the malware is deployed on arrival. The second involves installing a fake app called ‘BeNews’, which was expressly designed for the purpose of getting the malware onto devices and which was available in the Google Play store.

Once on an Android device, the malware can connect to a server from which the hacker can command it to carry out its vast selection of functions. According to security researchers, the malware is highly successful because it utilises low-level coding (which allows it to gather much more data). Anybody worried about the malware should, as always, be very careful when installing apps, and would be well advised to stay away from third-party installations. Updating to the latest version of Android is also a smart move, as Android developers will now be working to close up Hacking Team’s backdoor exploit.

For anybody who is worried that their device has already fallen victim to the hacking suite, be aware that devices may well need to have their firmware reflashed in order to successfully remove the exploitative software. As such, anybody with a firm belief or worry that they may be infected would be advised to contact whichever company the product came from. Trend Micro researchers have commented:

“The leaked RCSAndroid code is a commercial weapon now in the wild. Mobile users are called on to be on top of this news and be on guard for signs of monitoring. Some indicators may come in the form of peculiar behavior such as unexpected rebooting, finding unfamiliar apps installed, or instant messaging apps suddenly freezing.”

Ray Walsh I am a freelance journalist and blogger from England. I am highly interested in politics and in particular the subject of IR and I am an advocate for freedom of speech, equality and personal privacy. On a more personal level I like to stay active, love snowboarding, swimming and cycling, enjoy seafood and love to listen to trap music.

One response to “Hacked code for Android exploit is online”

  1. I wonder if this malware is able to collect all that info. if the user has encrypted their phone? Can it collect encryption keys as well? Something to think about…
