Hacking Team RCS
STATUS: Active
TYPE: Backdoor, Trojan, Rootkit
DISCOVERY: 2011
TARGETED PLATFORMS: Windows, OS X, BlackBerry, Windows Mobile, Android, iOS
FIRST KNOWN SAMPLE: 2008
NUMBER OF TARGETS: 101-500
TOP TARGETED COUNTRIES: Russia, China, Italy, Vietnam, USA, Turkey, Iraq, Mexico, Germany, India
THE WAY OF PROPAGATION
Bootable CD-ROM
USB drives
Direct hard disk infection
Social engineering
Exploits
Mobile infections through already infected PCs
USB cables
PURPOSE/FUNCTIONS
Surveillance
SPECIAL FEATURES
“Business-to-government” spyware
Can monitor any action performed using a personal computer/mobile device.
Modules for computers and mobile devices
Self-replication via USB flash drive
Infection of VMware virtual machines by copying itself into the autorun folder on the virtual drive
Ability to self-update
Samples are signed by legal authorities
Local infections via USB cables while synchronizing mobile devices
A specific malicious implant for each individual target
At least 39 Apple devices supported by the iOS mobile modules
Both jailbroken and non-jailbroken iPhones can be infected: an attacker can conduct a remote jailbreak through already infected computers
TARGETS
Activists
Journalists
Politicians
Criminal suspects
ARTEFACTS/ATTRIBUTION
This program was developed by the Italian company HackingTeam and is intended for sale to government authorities in different countries.
MORE INFO
The blog post and research paper are available at Securelist.com (blog post #1, blog post #2)