Hacking Team’s flagship spyware, Remote Control System (RCS), has recently received an update that differs slightly from previously observed variants.
Hacking Team is an Italian spyware vendor founded in 2003 that sells surveillance tools to governments worldwide. In 2015, the firm was itself hacked: 400GB of internal data was stolen and leaked online, including its customer list, internal communications, and spyware source code.
The incident created a serious cybersecurity problem because many cybercriminals started using the leaked code and exploits in their own malicious operations.
In the meantime, the firm has received an investment from a company named Tablem Limited, which is officially based in Cyprus and has ties to Saudi Arabia.
Every system can be protected from this spyware by installing a top cybersecurity solution such as an antivirus. Depending on which OS your device runs, please install an antivirus for Windows or an antivirus for Mac. Companies should additionally run tests such as penetration tests and ethical hacking tests on their networks to stay safe and secure.
After running a malware analysis on Hacking Team’s top product, RCS, we saw that this tool has all the functionalities of a backdoor: it is capable of extracting files from a targeted device, intercepting emails and instant messaging, and remotely activating the webcam and microphone.
These newly discovered RCS samples were crafted between September 2015 and October 2017 and belong to a single hacker group. The recognized versions have been signed with a previously unseen, valid digital certificate issued by Thawte to a company named Ziber Ltd.
The new variants pack forged Manifest metadata to masquerade as a legitimate application, and VMProtect packing that adds detection evasion.
Hacking Team’s own developers built these samples, judging by the versioning, which continues from where Hacking Team left off, and by other changes introduced in the post-leak updates that resemble Hacking Team’s coding style and show a deep familiarity with the code.
The spyware’s capabilities remain the same. One of its preferred distribution vectors is an executable file disguised as a PDF document and sent to victims via a spear-phishing email.
In this way, Hacking Team spyware samples have already been distributed in fourteen countries.
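A defender-side triage check for the lure described above, an executable presented as a PDF, as an added example that is not from the original article (the sample bytes are constructed for the demo and the function names are the author's own):

```python
"""Flag files that present themselves as PDF documents but carry a Windows PE.

Added example, not part of the original article. The sample bytes are
constructed for the demo and are not real malware.
"""
import struct

PDF_MAGIC = b"%PDF-"
MZ_MAGIC = b"MZ"


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != MZ_MAGIC:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_pdf(data: bytes) -> bool:
    """PDF readers accept the %PDF- header anywhere in the first 1024 bytes."""
    return PDF_MAGIC in data[:1024]


def triage(filename: str, data: bytes) -> str:
    """Compare the document type the name claims with the content actually held.

    Returns 'pdf', 'executable', 'disguised-executable' or 'unknown'.
    """
    parts = filename.lower().split(".")
    claims_pdf = "pdf" in parts[1:]  # catches 'report.pdf' and 'report.pdf.exe'
    if is_pe(data):
        return "disguised-executable" if claims_pdf else "executable"
    if is_pdf(data):
        return "pdf"
    return "unknown"


def make_fake_pe() -> bytes:
    """Build a minimal MZ/PE stub (constructed test data, not a runnable binary)."""
    dos = bytearray(0x40)
    dos[:2] = MZ_MAGIC
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature at 0x40
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


if __name__ == "__main__":
    samples = {
        "invoice.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
        "invoice.pdf.exe": make_fake_pe(),
        "setup.exe": make_fake_pe(),
    }
    for name, blob in samples.items():
        print(f"{name:18} -> {triage(name, blob)}")
```

The same check can be applied to mail attachments at the gateway, where a mismatch between the claimed document type and the file content is a strong signal on its own.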
Regarding individual users: to stay safe and secure, depending on which OS your device runs, please install an antivirus for Windows or an antivirus for Mac.
Regarding companies: make sure you hire a professional cybersecurity firm to run a range of cybersecurity tests on your company’s network so that only the best possible cybersecurity solution is implemented. Always opt for a package that includes at least a penetration test and ethical hacking tests.