Kaspersky Lab has released a new research report that maps the massive international infrastructure used to control the ‘Remote Control System’ (RCS) implant malware, and identifies a previously unknown mobile Trojan that can attack Android and iOS.
This module is part of what is referred to as ‘legal’ spyware tooling, namely RCS, also known as Galileo, which was developed by the Italian company Hacking Team.
The list of victims in the study, which Kaspersky Lab conducted together with the Citizen Lab, includes activists and human rights defenders, journalists and politicians.
Kaspersky Lab used a variety of security approaches to locate Galileo command and control (C&C) servers worldwide.
For the identification process, Kaspersky Lab’s experts relied on specific indicators and connectivity data obtained by reverse engineering existing samples.
In its latest analysis, Kaspersky Lab researchers say they mapped the presence of more than 320 RCS C&C servers in more than 40 countries. The majority of these servers are located in the United States, Kazakhstan, Ecuador, England and Canada.
Commenting on these new findings, Sergey Golovanov, Principal Security Researcher at Kaspersky Lab, stated that the presence of such a server in a country does not mean it is used by law enforcement in that country.
However, it makes sense for RCS users to operate their C&C servers in a location they control, because there the risk of cross-border legal problems and of the servers being seized is small.
RCS Mobile Implants
Although it was previously known that Hacking Team’s mobile Trojans for iOS and Android existed, no one had been able to identify them or observe their use in an attack.
Kaspersky Lab experts have been researching RCS malware for two years. Earlier this year they were able to identify specific samples of the mobile module that matched the configuration profiles of other RCS malware in their collection.
In the latest study, new variants of the samples were also obtained from victims through Kaspersky Lab’s cloud network, KSN. In addition, Kaspersky Lab’s experts worked closely with Morgan Marquis-Boire of the Citizen Lab, who has examined the collection of HackingTeam malware extensively.
The operators behind Galileo RCS are said to build dangerous implants tailored to a specific target. Once the samples are ready, the attacker delivers them to the victim’s mobile device.
Known infection vectors include spearphishing through social engineering, which is often combined with exploitation, including the use of zero-day exploits, and local infection over the USB cable while the mobile device is being synchronized.