Kaspersky Lab has detected a new mobile malware for Android and iOS

Kaspersky Lab today released a new report that maps a massive international infrastructure used to control the "Remote Control System" (RCS) malware implants. At the same time, previously unknown mobile modules that attack Android and iOS were identified. These modules are part of the so-called "legal" RCS spyware tool, also known as Galileo, developed by the Italian company HackingTeam.


According to new research conducted by Kaspersky Lab, in collaboration with Citizen Lab, the list of victims includes human rights activists and advocates, as well as journalists and politicians.

RCS infrastructure

Kaspersky Lab used several security approaches to locate Galileo Command & Control (C&C) servers around the world. For the identification process, Kaspersky Lab experts relied on specific indicators and connectivity data obtained from reverse engineering existing samples.

During the investigation, Kaspersky Lab researchers recorded more than 320 RCS C&C servers in more than 40 countries. The majority of the servers were located in the United States, Kazakhstan, Ecuador, the United Kingdom and Canada.

Commenting on the latest findings, Sergey Golovanov, Principal Security Researcher at Kaspersky Lab, said: "The presence of these servers in a particular country does not imply that they are used by the law enforcement authorities of that country. However, it makes sense for RCS users to deploy C&C servers in the areas they control, where the risks of cross-border legal issues or possible seizures of servers are lower."

Mobile RCS implants

Although it was previously known that HackingTeam had mobile Trojans for iOS and Android, nobody had actually identified them, or nobody had noticed they were being used in attacks. Kaspersky experts have been investigating RCS malware for the last two years. Earlier this year, they were able to locate specific samples of mobile modules that matched the configuration of other RCS malware they had already collected. During the latest investigation, they collected new sample variants from victims through Kaspersky Security Network, Kaspersky Lab's cloud-based network. Additionally, company specialists worked closely with Morgan Marquis-Boire of Citizen Lab, who has extensively researched the malware developed by HackingTeam.

Infection methods

The operators behind RCS Galileo build a specific malicious implant for each target. Once the sample is ready, the attacker delivers it to the victim's mobile device. Known infection methods include spearphishing through social engineering, often combined with exploits, including zero-day exploits, and local infection over a USB cable while the mobile device is being synchronized.

One of Kaspersky Lab's most important discoveries concerns the exact way in which a Galileo mobile Trojan infects an iPhone: the device must be jailbroken. However, even iPhones that are not jailbroken can become vulnerable. Specifically, an attacker can run a jailbreaking tool such as Evasi0n from an already infected computer, jailbreak the device remotely and then infect it. To avoid the risk of infection, Kaspersky Lab specialists advise, first, that users do not jailbreak their iPhones and, second, that users keep iOS updated to the latest version.

Custom Espionage

RCS mobile modules have been developed with particular care to operate discreetly. For example, they pay special attention to the battery life of mobile devices. This is achieved through carefully tailored espionage capabilities or through special triggers. For example, audio recording can only start when the victim connects to a certain Wi-Fi network (such as the network of a media house), when they change the SIM card, or while the device is charging.

In general, RCS mobile Trojans can perform many different kinds of surveillance, such as reporting the target's location, taking photos, copying events from the calendar, recording new SIM cards inserted into the infected device, and intercepting phone calls and messages. Besides regular SMS, messages sent by certain applications, such as Viber, WhatsApp and Skype, can also be intercepted.

Detection

Kaspersky Lab products detect the RCS/DaVinci/Galileo spyware tools, which are registered under the names: Backdoor.32.Corablin, Backdoor.Win64.Corablin, Backdoor.Multi.Corablin, Rootkit.Win32.Corablin, Rootkit.Win64.Corablin, Rootkit.OSX.Morcut, Trojan.OSX.Morcut, Trojan.Multi.Corablin, Trojan.Win32.Agent, Trojan-Dropper.Win32.Corablin, Trojan-PSW.Win32.Agent, Trojan-Spy.AndroidOS.Mekir and Backdoor.AndroidOS.Criag.

iGuRu.gr


Written by giorgos
