sandabot Posted June 26, 2014 Report Posted June 26, 2014 Purchasing malware to victimize people is illegal by laws but if the same thing any government official do, then its not!! Yes, the police forces around the World are following the footsteps of U.S. National Security Agency (NSA) and FBI.Researchers from the Citizen Lab at the Munk School of Global Affairs at the University of Toronto and computer security firm Kaspersky Lab have unearthed a broad network of controversial spyware which is specially designed to give law enforcement agencies complete access to a suspect's phone for the purpose of surveillance.MALWARE FOR DESKTOPS AND ALL MOBILE DEVICESThe malware, dubbed as Remote Control System (RCS), also known as Da Vinci and Galileo, is developed by an Italian company known as Hacking Team, available for desktop computers, laptops, and mobile devices. The latest version of the malware works for all phone including Android, iOS, Windows Mobile, Symbian and BlackBerry devices, but best on Android devices, and can also be installed on jailbroken iOS devices. But even if the targeted iOS device is not jailbroken, the malware uses the famous Evasi0n jailbreaking tool to install the malware easily.WORLD WIDE WEB OF COMMAND-N-CONTROL SERVERSKaspersky Lab researchers have used a fingerprinting method to scan the entire IPv4 space and to identify the IP addresses of RCS Command & Control servers around the world and found the biggest host in United States with 64 counts of C&C servers. Next on the list was Kazakhstan with 49, Ecuador has 35, UK which hosts 32 control systems and many other countries with a grand total of 326 Command & Control servers.ATTACK VECTOR AND MALWARE FEATURESRCS can be physically implanted on the victim’s device through a USB or SD card, and remotely it can be installed through spear phishing, exploit kits, drive-by downloads or network traffic injection.Once installed on Apple iOS and Android device, the new module enable governments and law enforcement officers with larger capabilities to monitor victim devices, including the ability to: -control phone network -steal data from their device -record voice E-mail -intercept SMS and MMS messages -obtain call history -report on their location -use the device’s microphone in real time -intercept voice and SMS messages sent via applications such as Skype, WhatsApp, Viber, and much more."Secretly activating the microphone and taking regular camera shots provides constant surveillance of the target—which is much more powerful than traditional cloak and dagger operations," Golovanov wrote.While, the Android module is protected by an optimizer for Android called DexGuard that made the it extremely difficult to analyze. However, most of the iOS capabilities mentioned above are also available for Android, along with the support for hijacking applications such Facebook, Google Talk, Tencent of China and many more.The mobile modules for each are custom-built for each target, researchers said. From previous disclosures we have seen that RCS is currently being used to spy on political dissidents, journalists, human rights advocates, and opposing political figuresSource Quote
