Massive 'legal' spying, malware net uncovered

Cape Town - A security company has uncovered a massive cyber spying net, dedicated to hacking Android phones and iPhones, with tentacles in a number of countries.

On Tuesday, Kaspersky Lab, working in conjunction with Citizen Lab, identified the infrastructure used to control malware implants remotely.

The legal malware, known as Galileo, was developed by Italian company HackingTeam and includes a number of Trojans that can infect both Android and iOS.

Galileo command and control centres (C&C) were mapped in over 40 countries with the majority of servers in the US, Kazakhstan, Ecuador, the UK and Canada.

Kaspersky found that there were 320 servers actively processing the malware and victims included activists and human rights advocates, as well as journalists and politicians.

Specific techniques

"The presence of these servers in a given country doesn't mean to say they are used by that particular country's law enforcement agencies. However, it makes sense for the users of RCS [Remote Control System] to deploy C&Cs in locations they control - where there are minimal risks of cross-border legal issues or server seizures," said Sergey Golovanov, principal security researcher at Kaspersky Lab.

Operators of the network target each individual with a number of different methods including specific phishing techniques, zero day vulnerabilities, USB infections and social engineering.

The security company said that while iPhones were immune to the exploit, the Galileo operators could remotely jail-break the device, making it susceptible to infection.

"Non-jail-broken iPhones can become vulnerable too: An attacker can run a jail-breaking tool like Evasi0n via a previously infected computer and conduct a remote jail-break, followed by the infection," Kaspersky said.

"To avoid infection risks, Kaspersky Lab's experts recommend that you first of all don't jailbreak your iPhone, and secondly also constantly update the iOS on your device to the latest version," the company added.

The malware also operates on mobile devices discreetly. It can, for example, avoid draining the battery and run in stealth mode so that it is invisible to the user.

It can also be programmed to record audio only when certain conditions are met. For instance, it could begin recording only when the device is connected to a specific Wi-Fi network or when the smartphone is charging.


- Follow Duncan on Twitter