RCS Spyware Goes Completely Undetected by Antivirus Products

Jack

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,379
RCS-Spyware-Goes-Undetected-by-Antivirus-Products-466007-2.jpg

A variant of Remote Control System (RCS) spyware collected a month ago goes completely under the radar of some antivirus products, a security researcher reports.

RCS is a versatile product developed by Italian company Hacking Team that can work on different computer platforms, desktop or mobile, and it is developed specifically for government agencies for surveillance purposes.
Running malicious process not identified
The sample detection experiment was carried out by Claudio Guarnieri, the leading developer of Detekt, a free scanner specifically created to help journalists, activists and human rights defenders find on their computer systems traces of spyware known to be used by various government organizations.

On Wednesday, he tested antivirus solutions from Kaspersky, Avira (Free), G Data and ESET and found that none of them were able to detect a trace of compromise on a system with an active RCS process.

There is no information about the configuration of the security products, but they were most likely running with the default settings. Even so, one would have expected the malware to have been picked up through one layer of defense, especially since its process was running on the computer.

The researcher also showed VirusTotal analysis results from September 26 for the same sample, which revealed that at the time none of the antivirus engines could determine the malicious nature of the uploaded file. Antivirus companies listed on VirusTotal have access to the uploaded files.
Newer variants are also largely undetected
VirusTotal includes limited functionality of the antivirus solutions, so not all the detection features are used. Many products rely on behavioral analysis to detect malware that has not been previously classified.

Bogdan Botezatu, senior malware analyst at Bitdefender, said that their antivirus did catch the RCS sample some time ago, via behavioral detection. Other solutions may also be able to detect the threat in a similar way.

Read more: http://news.softpedia.com/news/RCS-Spyware-Goes-Undetected-by-Antivirus-Products-466007.shtml
 
  • Like
Reactions: Terry Ganzi, Exterminator, Kent and 7 others
Prorootect

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Thank you Jack!

- so I downloaded this Detect.exe .. Nothing found here, success! (with all these topics in Space Bar .. haha!)
 
You must log in or register to reply here.

Similar threads

R
    • Like
Serious Discussion Sophisticated hacker bypasses powerful antivirus, how?
Replies
43
Views
4,260
Kaspersky
bazang
bazang
anirbandutta01
    • Like
  • Locked
Question Maximum antivirus detects it but Kaspersky not
Replies
15
Views
1,035
Kaspersky
harlan4096
harlan4096
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
New Update DLL Search Order Hijacking Vulnerability in ESET products for Windows fixed
Replies
3
Views
670
ESET
anirbandutta01
anirbandutta01

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top