RCSAndroid - Advanced Android Hacking Tool

Earlier this month, Italian spyware company 'Hacking Team' suffered a severe cyber attack in which about 400GB of data was leaked online. Security researchers and investigators have been digging through the leaked data dump ever since, and many more details have come to light during the investigation.

Now another weird finding has emerged: Hacking Team's leaked data contains the source code of an Android hacking tool that is capable of infecting all Android-based devices, even when users are running the latest version of Android.

Researchers from Trend Micro have discovered the source code of an advanced Android hacking tool called RCSAndroid (Remote Control System Android) in the leaked Hacking Team data dump. It is one of the "most professionally developed and sophisticated" Android hacking tools seen so far.

Features of the RCSAndroid Android hacking tool
As one of the most sophisticated hacking tools ever seen, RCSAndroid has powerful features that help government and law enforcement agencies around the world completely compromise and monitor Android devices remotely.
  • Capture screenshots using the “screencap” command and framebuffer direct reading
  • Monitor clipboard content
  • Collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn
  • Record using the microphone
  • Collect SMS, MMS, and Gmail messages
  • Record location
  • Gather device information
  • Capture photos using the front and back cameras
  • Collect contacts and decode messages from IM accounts, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.
  • Capture real-time voice calls in any network or app by hooking into the “mediaserver” system service.
RCSAndroid a 'cluster bomb'
RCSAndroid is a threat that works like a cluster bomb in that it deploys multiple dangerous exploits and uses various techniques to easily infect Android devices. While analyzing the code, researchers found that the whole system consists of four critical components, as follows:
  • Penetration solutions, ways to get inside the device, either via SMS/email or a legitimate app
  • Low-level native code, advanced exploits and spy tools beyond Android’s security framework
  • High-level Java agent – the app’s malicious APK
  • Command-and-control (C&C) servers, used to remotely send/receive malicious commands
How does the RCSAndroid hacking tool work?
There were two methods by which attackers targeted users.
  • The first method is a text message or email containing a specially crafted URL that triggers exploits for several vulnerabilities (CVE-2012-2825 and CVE-2012-2871) in the default browsers of Android versions 4.0 Ice Cream Sandwich to 4.3 Jelly Bean, allowing the attacker to gain root privileges and install the RCSAndroid APK.
  • The second method is a stealthy backdoor app such as BeNews, which was specially designed to bypass Google Play and which exploits a local privilege escalation vulnerability in Android devices to root the device and install a shell backdoor.
Because the tool's source code is now available to everyone, every Android user is under threat. All users are advised to disable app installations from unknown, third-party sources and to use a mobile security solution to protect their devices. Even if you are running the latest version of the operating system, you are still at risk.