Experts at Trendmicro analyzing package of data stolen from Hacking Team systems discovered a fake news app that was designed to circumvent filtering in Google Play. The malicious app was downloaded only 50 times before being removed from Google Play on July 7.
The app was called “BeNews” and is a backdoor app, that takes advantage of the extinct site “Benews”
“We found the backdoor’s source code in the leak, including a document that teaches customers how to use it. Based on these, we believe that the Hacking Team provided the app to customers to be used as a lure to download RCS Android malware on a target’s Android device.” States the blog post published by TrendMicro.
The backdoor included in the app is called “ANDROIDOS_HTBENEWS.A” and affects android devices from version 2.2 Froyo to 4.4.4 KitKat. The backdoor exploits the CVE-2014-3153 vulnerability, which is a local privilege escalation flaw.
“Looking into the app’s routines, we believe the app can circumvent Google Play restrictions by using dynamic loading technology. Initially, it only asks for three permissions and can be deemed safe by Google’s security standards as there are no exploit codes to be found in the app. However, dynamic loading technology allows the app to download and execute a partial of code from the Internet. It will not load the code while Google is verifying the app but will later push the code once the victim starts using it.” Continues the post.
As usual, the scaring aspect of the story is that many other companies like the Hacking Team with similar abilities are using similar techniques to hack computing systems and mobile devices worldwide. Always pay attention on what you install in your device and use an endpoint product to protect it.
About the Author Elsio Pinto
(Security Affairs – Hacking Team, Android)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.