Vault 7: CIA Developed Android Malware That Works as an SMS Proxy

Solarquest

WikiLeaks published today the manual of another CIA hacking tool, part of the Vault 7 leak series. This tool is referenced internally at the CIA under the name of HighRise and is an Android application for intercepting and redirecting SMS messages to a remote web server.

According to the leaked manual, HighRise only works on Android versions from 4.0 through 4.3 (Android Ice Cream Sandwich and Jelly Bean), but the document is dated to December 2013, and the tool was most likely updated in the meantime to support newer versions of the Android OS released during the past four years.

HighRise tool is also known as TideCheck
The actual HighRise tool is packaged inside an app named TideCheck (tidecheck-2.0.apk, MD5: 05ed39b0f1e578986b1169537f0a66fe).

The tool wasn't designed for social engineering attacks. CIA operatives have to install the app on the target's device themselves, and then manually run it at least one time for the tool to get boot persistence.

When starting the tool for the first time, CIA operatives must enter a special code to access its settings.
.........
 

Deletedmessiah

Not as sneaky as I imagined from the title. But who knows how powerful the updated version is.
 

Stenly

I have to say, they're pretty creative, too bad they won't share it with the world, so there can be solutions for it (but that is to be expected I guess).
 
