HackingTeam tool makes use of mobile malware targeting all major platforms

Until now, researchers had not been able to identify how the firm's surveillance products utilized mobile malware.

Researchers have uncovered troubling details about a mobile surveillance service provided by HackingTeam, an Italian seller of monitoring software.

While the company's Remote Control System (RCS) solution, also known as Galileo, has long been on the radar of the security community, as has the practice of marketing it to police and intelligence agencies around the world, researchers had not been able to identify how the firm's products used rumored mobile malware – until now, that is.

On Tuesday, Citizen Lab, an information security and human rights organization at the University of Toronto, and Kaspersky Lab teamed up to release findings on HackingTeam's mobile trojans, which have been linked to the surveillance of journalists, politicians and activists.

In a Tuesday blog post, Kaspersky researchers revealed that the malware had been discovered this year on all major mobile platforms: Android, iOS, Windows Phone and BlackBerry.

Kaspersky also noted that RCS' iOS module, designed to work on jailbroken Apple devices, was alone capable of monitoring targets' emails, text messages, and keystrokes made in apps. In addition, the malware could intercept phone calls, take photos using the phone's camera, register new SIM cards inserted in infected devices and track users' locations via GPS.

In its blog post, Kaspersky said that over 320 command-and-control servers for RCS had been detected throughout the globe, including 64 in the U.S. (where the most servers were pinpointed).

The firm would not confirm that the existence of servers meant that a country was operating the control hub, but the findings provided a “good indication of who owns them,” Kaspersky's blog post said.

In some cases, HackingTeam's mobile trojans were installed on mobile devices connected to infected Windows and Mac computers, the firm found. But those looking to spy on mobile users can also install the malware via remote admin access.

In total, Kaspersky detected 17 malicious RCS modules designed for iOS, Windows Phone, Android, and BlackBerry devices.

In Tuesday email correspondence to SCMagazine.com, Sergey Golovanov, principal security researcher at Kaspersky Lab, spoke to the nearly limitless scope of surveillance provided to RCS users.

“The attacker, based on previous knowledge, works on a template factory scheme which is customized for each victim,” Golovanov wrote. “The customization itself depends on the attacker's need. It is not limited to any technical feature but to the intention of the attacker. In other words, there is no limit for the attacker while targeting a journalist or a politician. Only the attacker decides what to do and how far to go while spying on each victim.”

After tracking the spyware since 2011, researchers were finally able to shed more light on the tool's pervasive use.

“What we understood when we discovered so many servers across the globe, is that a lot of countries and governments around the world use HackingTeam solutions,” Golovanov continued. “It just means that we clearly live in the time of global surveillance, where even the smallest countries are big players.”
