Italy's 'Hacking Team' spy Trojan targeting Android and iOS devices, researchers discover

Now musters 326 servers in 20 countries

Italy's infamous and dubious hackers-for-hire Hacking Team (or HackingTeam) have set up a worldwide command and control network comprising several hundred servers and expanded into Android and iOS surveillance, a study by Kaspersky Lab and the University of Toronto's Citizen Lab has revealed.

The collaboration is just one of a handful that have attempted to keep tabs on one of the oddest organisations in the entire world of malware. Conventionally speaking, Hacking Team fits the bill of a professional malware gang, except that these guys work for numerous governments and are considered by police forces to be paid white hats.

Along with similar organisations such as Britain's Gamma International, they are seen as having commercialised the market for 'legitimate' state spying. The controversy follows not far behind; what is legal and justifiable in one country might be viewed as the road to a police state in another.

The researchers discovered that the command and control infrastructure for the group's 'DaVinci' Remote Control System (RCS) now comprises at least 326 servers across 40 countries. Top of the list is the US with 64 servers, followed by Kazakhstan with 49, Ecuador with 35, the UK with 32, Canada with 24, China with 15 and Colombia with 12; the rest of the list is made up of a number of countries with usually only one server each.

Make of that list what you will. Normally, where C&C servers are sited doesn't mean a whole lot except that Hacking Team works for states and police forces that for legal reasons might be keen to keep their surveillance caches on-shore. This implies but does not prove that some of these countries work with the group monitoring their own citizens for purposes unknown.

More significant perhaps is that the researchers have discovered more about Hacking Team's campaigns against mobile platforms such as Android and iOS.

The iOS Trojan is the blunter surveillance tool because it only works on jailbroken devices, a small minority globally but probably more common among the sort of dissident targets that the group wants to watch. The researchers also found evidence that attackers might try and jailbreak or root the device remotely.

The status of the Android equivalent remains less certain but both appear to infect mobile devices via a Mac or Windows PC to which they are connected. The mobile Trojans would give the group the ability to monitor not only the target's communications but their location, something that underlines the importance of penetrating these platforms.

"The new data we are publishing on Hacking Team's RCS is extremely important because it shows the level of sophistication and scale of these surveillance tools," said Kaspersky Lab principal security researcher, Sergey Golovanov in a blog.

A detailed breakdown of the findings is available on the University of Toronto website here and here.

Regardless of the legality and ethics of Hacking Team's business, security firms classify the Trojans as malware; Mac security firm Intego, for instance, uses the name OSX/Crisis for the DaVinci spyware.

Stories by John E Dunn
