HackingTeam tool makes use of mobile malware targeting all major platforms

Until now, researchers had not been able to identify how the firm's surveillance products utilized mobile malware.

Researchers have uncovered troubling details about a mobile surveillance service provided by HackingTeam, an Italian seller of monitoring software.

The company's Remote Control System (RCS) solution, also known as Galileo, has long been on the security community's radar, as has its marketing to police and intelligence agencies around the world. What researchers had not been able to pin down was how the firm's products used the mobile malware they were rumored to include. That has now changed.

On Tuesday, Citizen Lab, an information security and human rights organization at the University of Toronto, and Kaspersky Lab teamed to release findings on HackingTeam's mobile trojans, which have been linked to the surveillance of journalists, politicians and activists.

In a Tuesday blog post, Kaspersky researchers revealed that the malware had been discovered this year on all major mobile platforms: Android, iOS, Windows Phone and BlackBerry.

Kaspersky also noted that RCS' iOS module, designed to work on jailbroken Apple devices, was on its own capable of monitoring targets' emails, text messages and keystrokes made in apps. In addition, the malware could intercept phone calls, take photos using the phone's camera, register new SIM cards inserted in infected devices and track users' locations via GPS.

In its blog post, Kaspersky said that over 320 command-and-control servers for RCS had been detected throughout the globe, including 64 in the U.S. (where the most servers were pinpointed).

The firm would not confirm that the presence of servers meant a country was operating the control hub, but its blog post did say that the findings provided a “good indication of who owns them.”

In some cases, HackingTeam's mobile trojans were installed on mobile devices connected to infected Windows and Mac computers, the firm found. But those looking to spy on mobile users can also install the malware via remote admin access.

In total, Kaspersky detected 17 malicious RCS modules designed for iOS, Windows Phone, Android, and BlackBerry devices.

In an email to SCMagazine.com on Tuesday, Sergey Golovanov, principal security researcher at Kaspersky Lab, spoke to the nearly limitless scope of surveillance available to RCS users.

“The attacker, based on previous knowledge, works on a template factory scheme which is customized for each victim,” Golovanov wrote. “The customization itself depends on the attacker's need. It is not limited to any technical feature but to the intention of the attacker. In other words, there is no limit for the attacker while targeting a journalist or a politician. Only the attacker decides what to do and how far to go while spying on each victim.”

After tracking the spyware since 2011, researchers were finally able to shed more light on the tool's pervasive use.

“What we understood when we discovered so many servers across the globe, is that a lot of countries and governments around the world use HackingTeam solutions,” Golovanov continued. “It just means that we clearly live in the time of global surveillance, where even the smallest countries are big players.”
