Analysis of the hack performed on the Hacking Team company keeps turning up more and more malware that the general public needs to be made aware of. The most recent discovery is a Remote Access Trojan made for Android, which is being called RCSAndroid. The discovery comes from Trend Micro, whose researchers have been looking at the 400 GB of leaked files since they were first leaked.
Researchers with Trend Micro have said of RCSAndroid:
“[It is] one of the most professionally developed and sophisticated pieces of Android malware [they’ve seen]”
What RCSAndroid Can Do
The Trojan can do quite a bit to Android devices that have been unfortunate enough to become infected. The list of capabilities includes:
- Capturing screenshots
- Monitoring the clipboard
- Collecting passwords, including those for Wi-Fi networks and social media accounts
- Recording what is said via the microphone
- Collecting messages that are sent and received
- Utilizing the cameras for capturing pictures
- Finding your location
- Collecting any and all contacts from a variety of sources
Probably one of the biggest capabilities is the Trojan's ability to access real-time phone calls and record them.
How RCSAndroid Installs on Your Device
As of right now, Trend Micro is not sure which partners the Hacking Team had in pushing this Trojan out to users. However, they have released one name, which is a major partner: the Olympic Games. So how can the Trojan install on your device? Four methods have been found:
- Via email or text messages through Android applications
- Java agent APK, a malicious Java
- C & C Servers
- Through tools that can get past the security framework set by Android
The Trend Micro team is telling people who are running Android Ice Cream Sandwich and Jelly Bean that the version of the Trojan for these releases is the one that the Hacking Team had completed. So there is every chance that it could be installed and running right now.
To rid a device of the Trojan, Trend Micro states that you would need the phone manufacturer's help. It was also noted that the Hacking Team was working on a version for Android 5.0 Lollipop, but it seems it was not complete.