Η Hacking Team είχε αναπτύξει μια εφαρμογή Android που θα μπορούσε να εκτελέσει δυναμικά malware. Η εφαρμογή εμφανίστηκε στο Google Play Store σαν μια αθώα νέα εφαρμογή, σύμφωνα με την Trend Micro.
The app, BeNews, only asks for three permissions from the user when installed, and is able to avoid Google's automatic checks because the exploits it uses are not in the code, the company says security.
"The BeNews app was downloaded 50 times before being removed from Google Play on July 7," says Trend Micro. "Looking at the routines of the app, we believe that the app can bypass the limitations of Google Play, using dynamic loading technology."
“Dynamic loading technology allows an application to download and execute code from thenetwork. It does not upload the code to Google to bypass app verification, but uploads it later when the victim starts using it.”
Trend Micro said the Hacking Team had written guidelines for its customers to help them make the best use of the malicious application that used vulnerabilities to escalate privileges (CVE-2014-3153, available on Android 2.2 to and 4.4.4).
Let's say in an interview earlier this week, Hacking Team Chief Executive David Vincenzetti said his company had been misunderstood and they were good at the case.
"The system legitimate surveillance that Hacking Team has been distributing to law enforcement for more than a decade is critical to its work preventions, investigating crime and terrorism," Vincenzetti said in a statement.
"No other company has ever developed applications as complete, as easy to use, or as powerful as ours."
Of course we do not know what has developed Vupen, so that there is a measure of comparison.
