Hacking Team leak shows how to sneak malicious apps into Google Play

Status
Not open for further replies.

sinu

Thread author
Italian security and surveillance company Hacking Team was most famed for supplying monitoring tools to governments around the world, but a recent security breach revealed the inner workings of the outfit. Sifting through the leaked data revealed not only spying tools and Flash vulnerabilities, but also Android apps with backdoors.

Security experts from Trend Micro found that spyware from Hacking Team was released to Google Play, bypassing checks that are usually performed. BeNews was a fake news app -- now removed from the store -- that could be used to download remote access software to Android devices running anything from Froyo to KitKat.


Trend Micro reports that the app was designed with the express intention of circumventing Google's malware filtering and checking. The app was even downloaded a few times before removal on July 7. The malicious app exploits a vulnerability to escalate local privileges to install malware and remote access tools. The way the app makes it into Google Play is rather sneaky.

Apps are vetted on, amongst other things, the permissions they need in order to run. To ensure easy passage into the store, BeNews requested just three permissions. Once installed, the app then used what Trend Micro calls 'dynamic loading technology' to download additional, malicious code, transforming it into a different beast altogether.

The cache of leaked data from Hacking Team not only includes the source code required to build other apps, but also a handy how-to guide. While it seems that BeNews was not installed by many people -- perhaps as few as 50 -- the worry is that the source code is now out in the open so it may not be long until copycat apps appear. Hacking Team itself has warned that its tools have ended up in the hands of terrorists.
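
A defender-side triage sketch for the pattern described in the post above (a short permission list, with code loaded after install), added here as an example and not taken from Trend Micro, the article or the leaked material. It assumes an APK already decoded to text (manifest XML plus smali files, as a tool such as apktool produces); the manifest, package name and smali lines are constructed samples rather than BeNews's own, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Android runtime classes that load code which was not in the reviewed APK.
LOADER_CLASSES = ("Ldalvik/system/DexClassLoader;", "Ldalvik/system/DexFile;",
                  "Ldalvik/system/InMemoryDexClassLoader;")

# Constructed sample inputs (not BeNews's real manifest or code).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.newsreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""
SAMPLE_SMALI = {
    "Updater.smali": "    new-instance v0, Ldalvik/system/DexClassLoader;\n",
    # A string constant alone is not a call site and must not count as a hit.
    "Feed.smali": '    const-string v0, "Ldalvik/system/DexClassLoader;"\n',
}

def requested_permissions(manifest_xml):
    """Return the sorted permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return sorted(names - {None})

def loader_references(smali_files):
    """Map file name -> loader classes used in invoke-*/new-instance lines."""
    hits = {}
    for name, text in smali_files.items():
        found = {c for line in text.splitlines()
                 if re.match(r"\s*(invoke-|new-instance)", line)
                 for c in LOADER_CLASSES if c in line}
        if found:
            hits[name] = sorted(found)
    return hits

def triage(manifest_xml, smali_files, small_footprint=5):
    """Flag apps whose permission list understates what they can become."""
    perms = requested_permissions(manifest_xml)
    hits = loader_references(smali_files)
    return {
        "permissions": perms,
        "loader_hits": hits,
        "small_permission_footprint": len(perms) <= small_footprint,
        # Network access plus a class loader: behaviour can change after review.
        "needs_dynamic_analysis": bool(hits) and "android.permission.INTERNET" in perms,
    }
```

Calling `triage(SAMPLE_MANIFEST, SAMPLE_SMALI)` returns the permission list, the files with loader call sites, and a flag saying the app should go to dynamic analysis instead of being judged on its manifest.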
 

Enju

So what is Hacking Team then? They always call themselves a security company but in reality they are just state sponsored cyber criminals, which isn't any better than a "terrorist".
The word terrorism hasn't even gotten a clear definition yet but still it is used for almost everything some government disagrees with, it's insane. Now let me put it in their words: Somebody installing a RAT on a mobile phone or PC is a "terrorist", somebody spying on individuals is a "terrorist", somebody breaking encryptions is a "terrorist" - what are the governments then? They tell us they bought their software against "terrorism"...
 