Experts at Trend Micro have discovered a malicious Android App while they were analyzing the package of data stolen from Hacking Team.
Experts at Trendmicro analyzing package of data stolen from Hacking Team systems discovered a fake news app that was designed to circumvent filtering in Google Play. The malicious app was downloaded only 50 times before being removed from Google Play on July 7.
The app was called “BeNews” and is a backdoor app, that takes advantage of the extinct site “Benews”
“We found the backdoor’s source code in the leak, including a document that teaches customers how to use it. Based on these, we believe that the Hacking Team provided the app to customers to be used as a lure to download RCS Android malware on a target’s Android device.” States the blog post published by TrendMicro.
The backdoor included in the app is called “ANDROIDOS_HTBENEWS.A” and affects android devices from version 2.2 Froyo to 4.4.4 KitKat. The backdoor exploits the CVE-2014-3153 vulnerability, which is a local privilege escalation flaw.
“Looking into the app’s routines, we believe the app can circumvent Google Play restrictions by using dynamic loading technology. Initially, it only asks for three permissions and can be deemed safe by Google’s security standards as there are no exploit codes to be found in the app. However, dynamic loading technology allows the app to download and execute a partial of code from the Internet. It will not load the code while Google is verifying the app but will later push the code once the victim starts using it.” Continues the post.
The leaked dump also includes detailed instructions on how the Hacking Team’s clients could manipulate the backdoor:
As usual, the scaring aspect of the story is that many other companies like the Hacking Team with similar abilities are using similar techniques to hack computing systems and mobile devices worldwide. Always pay attention on what you install in your device and use an endpoint product to protect it.
About the Author Elsio Pinto
Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.