Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking Team's RCS Android May Be the Most Sophisticated Android Malware Ever Exposed

Posted by Soulskill on from the productive-payloads dept.

An anonymous reader writes: As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware. After having revealed one of the ways that the company used to deliver its spyware on Android devices, Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed. The software can, among other things, gather device information, capture screenshots and photos, record speech by using the devices' microphone, capture voice calls, record location, capture Wi-Fi and online account passwords, collect contacts and decode messages from IM accounts, as well as collect SMS, MMS, and Gmail messages. Hacking Team says it sold its surveillance and intrusion software strictly within the law.

7 of 92 comments (clear)

  1. Whose law? by Noah+Haders · · Score: 3, Interesting

    Sold malware within the limits of the law? Whose law? Not my law. By my law a man looks another man in the eye before stabbing him in the heart, and doesn't sneak up on him to stab him in the back.

    1. Re:Whose law? by SharpFang · · Score: 3, Interesting

      There are countries (including the US) that do consider certain acts committed outside of their borders, not by their citizens, that only indirectly affect their country or citizens, as full crimes, to be persecuted and the guilty to be extradited, regardless of laws of the countries where these "crimes" were committed.

      So, if given country has a law against aiding unauthorized entities from spying on their citizens, and the firm sells the software to these entities, it is committing a crime. And while extradition or direct consequences are unlikely, they are not impossible, especially if employees of the firm ever visit the country in question.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  2. Being within the law doesn't make it right by Opportunist · · Score: 4, Insightful

    Killing Jews was strictly within the law of Nazi Germany.

    What is wrong is wrong. Within the law or outside of it, there are certain things that make you an asshole when you do it.

    Supporting oppressive regimes is such a thing. Yes, it's legal to deal with them. Yes, it's legal to sell them your shit. Yes, you're still an asshole for doing so. A legal asshole if you want to, but at the end of the day, you're still just full of shit and nobody wants to touch you.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. A request ... by gstoddart · · Score: 4, Insightful

    Hey, if there's any angry hackers out there, will someone please ruin these assholes lives?

    Because if anybody deserves to be fucked with by the internet, it's these clowns.

    kthanksbye

    --
    Lost at C:>. Found at C.
  4. Android's stock browser MUST be removed by emil · · Score: 3, Interesting

    The stock browser is a primary avenue of exploit for this malware. Stock lives in /system where it is installed read-only.

    This was a colossally foolish thing to do. Browser libraries, executables, and sundry components MUST retain the ability to receive patches.

    LD_LIBRARY_PATH should point to /data/lib, then resolve to /system/lib only if an override library is not installed, allowing update capability for stock webkit.

  5. Are we supposed to be surprised? by Overzeetop · · Score: 3, Interesting

    A dedicated, full time, paid set of software (and, presumably) hardware professionals with tens (or hundreds) of millions in revenue/funding with no fear of prosecution have managed to create effective software which uses exactly the same features that are available to the OS and app developers to collect data and phone home on the sly, while avoiding detection by people who are - mostly - entirely ignorant of the underlying system.

    This is funded by the same people who can press a button and put a thousand pounds of high explosives, literally, through the front door of a building a thousand miles away in under 120 minutes, or 500lbs from 300 miles away in under 10 minutes.

    It would be a story if they couldn't. (actually, it wouldn't - we'd call them typical incompetent government contractors).

    --
    Is it just my observation, or are there way too many stupid people in the world?
  6. Psssh.. my flash light app can do all that ... by Hohlraum · · Score: 5, Funny

    ;)