Slashdot Mirror


Hacking Team's RCS Android May Be the Most Sophisticated Android Malware Ever Exposed

An anonymous reader writes: As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware. After having revealed one of the ways that the company used to deliver its spyware on Android devices, Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed. The software can, among other things, gather device information, capture screenshots and photos, record speech by using the devices' microphone, capture voice calls, record location, capture Wi-Fi and online account passwords, collect contacts and decode messages from IM accounts, as well as collect SMS, MMS, and Gmail messages. Hacking Team says it sold its surveillance and intrusion software strictly within the law.

1 of 92 comments

  1. Re:Bring-on the Apple haters by Anonymous Coward · Score: 2, Informative

    Jailbroken iDevices are totally irrelevant. There have been zero exploits on non-JB devices that are widespread.

    Also, Android isn't that insecure. A rooted Android device is just as secure as an unrooted one, assuming the user doesn't click "allow" on the su dialog. In fact, the latest su app won't allow apps to ask for root access unless the install permissions have PERMISSION_SUPERUSER present in the app manifest.

    However, Android does have a permission model that is all or nothing, where a fleshlight app can ask for everything under the sun and there is no "allow, but not with those permissions" available.

    Well, unless one downgrades to 4.x and uses XPrivacy, which solved the job quite well, as good as, if not better than, PMP on Cydia.