Massive 'legal' spying, malware net uncovered
25 June 2014, 14:29
Cape Town - A security company has uncovered a massive cyber spying net with its tentacles in a number of countries dedicated to hacking Android phones and iPhones.
On Tuesday, Kaspersky Lab, working in conjunction with Citizen Lab identified the infrastructure used to control malware implants remotely.
The legal malware, known as Galileo, was developed by Italian company HackingTeam and includes a number of Trojans that can infect both Android and iOS.
Galileo command and control centres (C&C) were mapped in over 40 countries with the majority of servers in the US, Kazakhstan, Ecuador, the UK and Canada.
Kaspersky found that there were 320 servers actively processing the malware and victims included activists and human rights advocates, as well as journalists and politicians.
"The presence of these servers in a given country doesn't mean to say they are used by that particular country's law enforcement agencies. However, it makes sense for the users of RCS [Remote Control System] to deploy C&Cs in locations they control - where there are minimal risks of cross-border legal issues or server seizures," said Sergey Golovanov, principal security researcher at Kaspersky Lab.
Operators of the network target each individual with a number of different methods including specific phishing techniques, zero day vulnerabilities, USB infections and social engineering.
The security company said that while iPhones were immune to the exploit, the Galileo operators could remotely jail-break the device, making it susceptible to infection.
"Non-jail-broken iPhones can become vulnerable too: An attacker can run a jail-breaking tool like Evasi0n via a previously infected computer and conduct a remote jail-break, followed by the infection," Kaspersky said.
"To avoid infection risks, Kaspersky Lab's experts recommend that you first of all don't jailbreak your iPhone, and secondly also constantly update the iOS on your device to the latest version," the company added.
The malware also operates on mobile devices discreetly. It can, for example, ensure that it doesn't drain the battery and run in stealth mode so it is invisible to the user.
It can also be programmed to record audio only when certain conditions are met. For instance, it could only begin recording when the device is connected to a specific Wi-Fi network or when the smartphone is charging.
- Follow Duncan on Twitter