Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Threat Management, Threat Intelligence, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

HackingTeam tool makes use of mobile malware targeting all major platforms


Researchers have uncovered troubling details about a mobile surveillance service provided by HackingTeam, an Italian seller of monitoring software.

While the company's Remote Control System (RCS) solution, also known as Galileo, has long been on the radar of the security community, as well as the practice of it being marketed to police and intelligence agencies around the world, researchers had not been able to identify how the firm's products used rumored mobile malware – until now, that is.

On Tuesday, Citizen Lab, an information security and human rights organization at the University of Toronto, and Kaspersky Lab teamed to release findings on HackingTeam's mobile trojans, which have been linked to the surveillance of journalists, politicians and activists.

In a Tuesday blog post, Kaspersky researchers revealed that the malware had been discovered this year on all major mobile platforms: Android, iOS, Windows Phone and BlackBerry.

Kaspersky also noted that RCS' iOS module, designed to work on jailbroken Apple devices, was alone capable of monitoring targets' emails, text messages, and keystrokes made in apps. In addition, the malware could intercept phone calls, take photos using the phone's camera, register new SIM cards inserted in infected devices and track users' locations via GPS.

In its blog post, Kaspersky said that over 320 command-and-control servers for RCS had been detected throughout the globe, including 64 in the U.S. (where the most servers were pinpointed).

The firm would not confirm that the existence of servers meant that a country was operating the control hub, but did say that the findings provided a “good indication of who owns them," Kaspersky's blog post said.

In some cases, HackingTeam's mobile trojans were installed on mobile devices connected to infected Windows and Mac computers, the firm found. But those looking to spy on mobile users, can also install the malware via remote admin access.

In total, Kaspersky detected 17 malicious RCS modules designed for iOS, Windows Phone, Android, and BlackBerry devices.

In Tuesday email correspondence to, Sergey Golovanov, principal security researcher at Kaspersky Lab, spoke to the nearly limitless scope of surveillance provided to RCS users.

“The attacker, based on previous knowledge, works on a template factory scheme which is customized for each victim,” Golovanov wrote. “The customization itself depends on the attackers need. It is not limited to any technical feature but to the intention of the attacker. In other words, there is no limit for the attacker while targeting a journalist or a politician. Only the attacker decides what to do and how far to go while spying on each victim.”

After tracking the spyware since 2011, researchers were finally able to shed more light on the tool's pervasive use.

“What we understood when we discovered so many servers across the globe, is that a lot of countries and governments around the world use HackingTeam solutions,” Golovanov continued. “It just means that we clearly live in the time of global surveillance, where even the smallest countries are big players.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.