Hacking Team had RATted on Android: Trend Micro

The next piece of weaponised malware to emerge out of the Hacking Team leak has arrived: a Remote Access Trojan (RAT) for Android. Trend Micro researchers trawling the 400 GB of leaked files apparently have the honour of first discovery: RCSAndroid, it says, is “one of the most professionally developed and sophisticated” …

  1. Chairo

    Getting better and better

    An exploit that can survive a factory reset?

    Is the source of this marvel of technology also included in the data dump?

    What level of interaction is required by the user? Does he have to execute some pownme script, or is just receiving a mail/SMS containing the trojan already enough?

    1. oneeye

      Re: Getting better and better

      Hi, you might try directing those questions to TrendMicro.com. There should be more articles and analysis in another day or two. Also read Trend's article. But I believe this is related to the native browser vulnerability discovered late last year. If you have the native browser set as default browser, and click the links, then I think that's all she wrote. Pwned! But I have not looked at the CVE reports listed in the articles. I think Trend Micro said that their security app could detect it, as would other Android AV mobile security apps.

      1. Chairo

        Re: Getting better and better

        Thanks for the answer! If it is connected to the native browser, then disabling it and using a browser app like Chrome or mobile Firefox, whatever, should do the job, I suppose.

    2. TeeCee

      Re: Getting better and better

      A factory reset on Android wipes user data and reloads from the system image. If you've rooted an Android device, you'll have already found that it's perfectly possible to update software in the system image and/or add applications to it.

      So if you have a root exploit and pop your scroteware in as a system app, it'll survive a reset. The only way of getting rid of it with conventional weapons is to reflash the device with a clean image, at which point it will reset from that.

    3. Anonymous Coward

      Re: Getting better and better

      If I'm reading this right, you have to have the target go to a particular URL to install the drive-by. And that's it. Of course I'm not looking at the code (yet). Among the other things from Hacking Team wandering around are their gitlab code. I don't have that (yet).

  2. Anonymous Coward

    "Major IT partner of olympic games"

    Atos? GE? Samsung? Would be interesting to know.

    1. Anonymous Coward

      Re: "Major IT partner of olympic games"

      I was thinking AT&T...

      1. Anonymous Coward

        Re: "Major IT partner of olympic games"

        I was thinking NBC, those champions majoring in Control-Freak 301.

    2. Anonymous Coward

      Re: "Major IT partner of olympic games"

      Who was IT partner at Sochi?

  3. Tony W

    Thanks Vodafone!

    I changed from the default browser as soon as I received my phone, because Vodafone had populated its bookmarks with a whole page of their own choices that could not be deleted. Security by annoyance?

    1. Anonymous Coward

      Re: Thanks Vodafone!

      Security by infuriaty?

      ;)

  4. Anonymous Coward

    If it got picked up by their A/V software then why are we only hearing about it now?

  5. Anonymous Coward

    Maybe a larger question is...............

    This RAT from Hacking Team doesn't appear to spy more than most of the apps you download from Google Play.
