Since the leak of Hacking Team hack, a day in security space are inundated with news regarding some vulnerability, exploit, etc. etc., and still additional news area unit however to come back out.
Today it's time for android and for a replacement Remote Access Trojan (RAT) that emerged from the Hacking Team leak.
Trend small researchers discovered this new RAT referred to as RCSAndroid and same that's “one of the foremost professionally developed and sophisticated” piece of malware that they have seen for Android, until the moment.
This RAT it's thus evolved and tough to require out, that compromised phones can’t be cleaned without having root privileges in the android smartphone, and Trend small advises that it'd be higher for smartphone manufacturer to assist and re-flash the phones.
Key Features Of RCS Android Malware are
- Capture screenshots using the “screencap” command and framebuffer direct reading
- Monitor clipboard content
- Collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google etc
- Record using the microphone
- Collect SMS, MMS, and Gmail messages
- Record location
- Gather device information
- Capture photos using the front and back cameras
- Collect contacts and decode messages from IM accounts, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.
- Capture real-time voice calls in any network or app by hooking into the “mediaserver” system service
Once RCSAndroid put in android smartphone, it starts operating like a bomb in smartphone, deploying multiple and dangerous exploits, using several techniques to infect the devices. once the code was analyzed Tread small found:
1.Penetration solutions, ways that to induce within the device, either via SMS/email or a legitimate app
2.low-level native code, advanced exploits and spy tools on the far side the Android’s security framework
3.High-level Java agent – the app’s malicious APK
4.Command-and-control (C&C) servers, accustomed remotely send/receive malicious commands
How RCSAndroid hacking tool infects a Target?
RCSAndroid uses two different methods to infect targeted Android devices.
1.Hacking Team sending malicious RCS Android apk in android smartphone via text and email message using vulnerability in the default browser of android 4.0 Ice Cream to 4.3 Jelly Bean,allowing the attacker to gain root privileges
2. The company used backdoor apps available on the official Google Play Store to take advantage of a local privilege escalation bug to root the device and install the RCSAndroid agent.
How to get protect the android smartphone from RCS Android Malware
- Don't install app from 3rd party source.
- Disable the installation of application from android smartphone.
- Install antivirus and antimalware application for security of android smartphone.
- Always up-to-date your device with latest version of android os and application.
