Earlier this month the Italian spyware company Hacking Team suffered a severe cyber attack in which about 400GB of its internal data was leaked online. Security researchers and investigators have been digging through the dump ever since, and more findings keep surfacing.
Researchers from Trend Micro have found, in the leaked Hacking Team data, the source code of an advanced Android hacking tool called RCSAndroid (Remote Control System Android), which they describe as one of the "most professionally developed and sophisticated" Android malware tools seen to date.
The leaked source code shows a tool capable of infecting a broad range of Android devices, and running a recent Android release is not by itself a guarantee of safety; the infection vectors are described below.
Features of the RCSAndroid hacking tool
As one of the most sophisticated Android hacking tools yet seen, RCSAndroid offers a powerful feature set that lets government and law enforcement agencies around the world completely compromise and monitor Android devices remotely:
- Capture screenshots using the “screencap” command and framebuffer direct reading
- Monitor clipboard content
- Collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn
- Record using the microphone
- Collect SMS, MMS, and Gmail messages
- Record location
- Gather device information
- Capture photos using the front and back cameras
- Collect contacts and decode messages from IM accounts, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.
- Capture real-time voice calls in any network or app by hooking into the “mediaserver” system service.
RCSAndroid: a 'cluster bomb'
RCSAndroid works like a cluster bomb: it carries multiple dangerous exploits and uses several techniques to infect Android devices. While analyzing the code, the researchers found that the whole system consists of four critical components:
- Penetration solutions: ways to get inside the device, either via SMS/email or a legitimate app
- Low-level native code: advanced exploits and spy tools that operate beyond Android's security framework
- High-level Java agent: the app's malicious APK
- Command-and-control (C&C) servers, used to remotely send and receive malicious commands
How the RCSAndroid hacking tool works
Attackers infect targets by one of two methods.
- The first method uses a text message or email containing a specially crafted URL that triggers exploits for two vulnerabilities (CVE-2012-2825 and CVE-2012-2871) in the default browser of Android 4.0 Ice Cream Sandwich through 4.3 Jelly Bean, allowing the attacker to gain root privileges and install the RCSAndroid APK. Devices on other Android releases are not exposed to this particular browser vector.
- The second method uses a stealthy backdoor app such as BeNews, specially designed to get past Google Play's checks, which exploits a local privilege escalation vulnerability to root the device and install a shell backdoor. This vector does not depend on the browser bugs above, so it is not confined to the 4.0 to 4.3 range.
Since the tool's source code is now available to anyone, every Android user is potentially at risk. Users are advised to disable app installation from unknown, third-party sources and to use a mobile security solution. Running the latest version of the operating system reduces the exposure but does not remove it.
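The two vectors above translate into two checks a responder can run across a fleet: is the device in the 4.0 to 4.3 window that the browser exploits target, and does it allow installation from unknown sources, which the sideloaded-app vector relies on. The following triage helper is an added example, not Hacking Team's code or Trend Micro's tooling. It parses the output of `adb shell getprop` and of `adb shell settings get secure install_non_market_apps` (the `settings` command exists from Android 4.2 onward; on older releases the value has to be read another way). The `getprop` dumps and setting values below are constructed for the example, not captured from real devices.

```python
"""Fleet triage for the two RCSAndroid infection vectors described above.

Added example (not Hacking Team or Trend Micro code). Inputs are the text of
`adb shell getprop` and `adb shell settings get secure install_non_market_apps`.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Release window whose default browser the article says the URL vector exploits.
BROWSER_EXPLOIT_MIN = (4, 0)   # 4.0 Ice Cream Sandwich
BROWSER_EXPLOIT_MAX = (4, 3)   # 4.3 Jelly Bean

# getprop prints one property per line as: [key]: [value]
_PROP_RE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")


def parse_getprop(dump: str) -> Dict[str, str]:
    """Turn `adb shell getprop` output into a key/value dict, skipping junk lines."""
    props: Dict[str, str] = {}
    for line in dump.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def parse_release(release: str) -> Optional[Tuple[int, int]]:
    """'4.3.1' -> (4, 3); '9' -> (9, 0); None for values that are not numeric."""
    m = re.match(r"^(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2) or 0))


def in_browser_exploit_window(release: str) -> bool:
    """True when the release's default browser is in the 4.0..4.3 target range."""
    v = parse_release(release)
    return v is not None and BROWSER_EXPLOIT_MIN <= v <= BROWSER_EXPLOIT_MAX


@dataclass
class Triage:
    release: str
    browser_vector: bool    # crafted-URL vector applies to this release
    sideload_vector: bool   # unknown sources enabled, so a backdoor APK can be installed


def triage(getprop_dump: str, unknown_sources_setting: str) -> Triage:
    """Combine both checks. The sideload check is version-independent on purpose:
    the backdoor-app vector does not depend on the browser bugs."""
    props = parse_getprop(getprop_dump)
    release = props.get("ro.build.version.release", "")
    # install_non_market_apps: "1" means unknown sources enabled; "0" or "null" otherwise.
    sideload = unknown_sources_setting.strip() == "1"
    return Triage(release=release,
                  browser_vector=in_browser_exploit_window(release),
                  sideload_vector=sideload)


def report(t: Triage) -> str:
    """One-line summary suitable for a fleet spreadsheet."""
    flags = []
    if t.browser_vector:
        flags.append("BROWSER-EXPLOIT-WINDOW(4.0-4.3)")
    if t.sideload_vector:
        flags.append("UNKNOWN-SOURCES-ENABLED")
    return f"Android {t.release or '?'}: " + (", ".join(flags) if flags else "no flagged vector")


# Constructed sample inputs (not real device captures).
SAMPLE_GETPROP_JB = """\
[ro.build.version.release]: [4.3]
[ro.build.version.sdk]: [18]
[ro.product.model]: [example-jb-device]
"""
SAMPLE_GETPROP_LOLLIPOP = """\
[ro.build.version.release]: [5.1.1]
[ro.build.version.sdk]: [22]
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_GETPROP_JB, "1")))
    print(report(triage(SAMPLE_GETPROP_LOLLIPOP, "null")))
```

A device that is outside the browser window but has unknown sources enabled still gets flagged, which matches the article's point that a current OS release alone does not close the sideloaded-backdoor route.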