WikiLeaks - Vault7 : HighRise used for SMS monitoring



WikiLeaks has released details about HighRise, a tool allegedly developed by the US- CIA, which intercepts and redirects SMS messages to a remote web server through an Android application. The malware can enable a CIA agent to access the message before it reaches its intended recipient.
As per tweets of WikiLeaks, HighRise acts as a proxy server for text messages. However, it is limited to devices which have the malware installed on it manually – meaning that the CIA would need physical access to the Android device to infect the handset.
The manual suggested that it only works on Android versions from 4.0 (Ice Cream Sandwich) to 4.3 (JellyBean) – although it could have been updated to work on more recent versions of the Android OS.
The HighRise tool is packaged inside an app called TideCheck. Once the CIA installs the app on the target’s device, they have to run it at least once, in order for it to work at all times – including when the phone is rebooted. The app starts when the phone is powered on, meaning that it can continue to run in the background and intercept text messages for longer than most other CIA malware, which disappeared after a restart.

According to the manual, CIA operatives have to enter the special code like password ‘inshallah’ which is the Arabic word for ‘God willing’ to access the app’s settings.
Once activated, the app gives the user three choices –
1)    They can return directly to the configuration to make changes,
2)    They can start the tool
3)    They can send an SMS from the phone to a remote CIA server.
This is the first Vault 7 data dump to involve the Android OS; most of the other tools have been focused on Windows or Linux. This included Grasshopper, a builder for Windows malware, and Scribble, a beaconing system for Office documents. There has also been a tool geared to hack Samsung smart TVs, and a tool for hacking iPhones and Macs.
 Read full Document Here.


Comments

Post a Comment

Popular posts from this blog

POS: Security Flaws allows hacker to change price, steal data

Image
Researchers at ERPScan discovered that SAP’s POS product, that is a component of the company’s SAP for Retail giving, was stricken by many flaws. Specifically, the system’s server element, Xpress Server, lacked necessary authorization checks for vital practicality. This allows AN assailant with access to the system to send malicious configuration files to Xpress Server and gain complete management of each the frontend and backend of the PoS system. A hacker will abuse tens of commands, permitting them to steal knowledge from all the credit and debit cards used at the targeted store, and apply special costs and discounts to such that things. These discounts is applied for such that times in order that AN item contains a tiny value only fraudsters visit purchase it. Fraudsters may also got wind of the system in order that their purchases area unit charged to the previous customer’s card. An assailant may also modification the info displayed on a receipt, as well as to s
Read more

"FruitFly" Mac malware: longstanding Mac backdoor discovered

Image
The FBI is presently work many infections tied to a mysterious family of Mac-based malware known as "FruitFly." When asked concerning the threat, a proponent for the Bureau told Motherboard that "as a matter of long policy, the FBI neither confirms nor denies the existence of investigations." however 2 security researchers say the FBI is so work the malware. One of the researchers, Malwarebytes's Thomas Reed, discovered the primary variant of FruitFly back in Jan 2017. At the time, he represented the threat as "a piece of malware in contrast to something I’ve seen before, that seems to possess really been alive, undetected, for a few time." FruitFly one is "extremely oversimplified on the surface," in Reed's estimation. however it distinguishes itself by its use of "ancient" functions to capture screenshots and acquire digital camera access. The malware's binary additionally contains lib jpeg, open ASCII tex
Read more

MalwareTech: Not guilty for unleashing a Kronos banking malware

Image
British cybersecurity researcher credited with serving to curb the recent WannaCry ransomware attack pleaded innocent  to federal charges accuse him of making malicious computer code to steal banking info 3 years past. Marcus Hutchins entered his plea in Wisconsin tribunal, wherever prosecutors charged him and an nameless co-defendant with conspiring to commit pc fraud within the state et al. Authorities arrested the 23-year-old man August. 2 at McCarran International airport in urban center, wherever he was aiming to board a flight to his zero in Ilfracombe, England. He had been in las vegas for DEFCON. Hutchins' professional, Marcia Hofmann, aforementioned when Monday's transient hearing that Hutchins can fight the costs which “when the proof involves lightweight, we have a tendency to square measure assured he are going to be totally guiltless.” “Marcus Hutchins could be a sensible young man and a hero,” Hofmann aforementioned. Hutchins left later during
Read more