Hacking Team leak shows how to sneak malicious apps into Google Play
Italian security and surveillance company Hacking Team was most famed for supplying monitoring tools to governments around the world, but a recent security breach revealed the inner workings of the outfit. Sifting through the leaked data revealed not only spying tools and Flash vulnerabilities, but also Android apps with backdoors.
Security experts from Trend Micro found that spyware from Hacking Team was released to Google Play, bypassing checks that are usually performed. BeNews was a fake news app -- now removed from the store -- that could be used to download remote access software to Android devices running anything from Froyo to KitKat.
Trend Micro reports that the app was designed with the express intention of circumventing Google's malware filtering and checking. The app was even downloaded a few times before removal on July 7. The malicious app exploits a vulnerability to escalate local privileges to install malware and remote access tools. The way the app makes it into Google Play is rather sneaky.
Apps are vetted on, amongst other things, the permissions they need in order to run. To ensure easy passage into the store, BeNews requested just three permissions. Once installed, the app then used what Trend Micro calls 'dynamic loading technology' to download additional, malicious code, transforming it into a different beast altogether.
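For defenders, the pattern described above (few declared permissions, code fetched after install) can be triaged statically. The following is an added example, not code from Trend Micro or the leak: it scans the dex files inside an APK for references to Android's runtime class-loading APIs and flags apps that also declare very few permissions. The choice of indicator classes, the threshold of three and the placeholder permission names are assumptions of this example.

```python
import io
import zipfile

# Type descriptors of Android runtime code-loading APIs, as they appear in a
# dex string table. Using these as indicators is an assumption of this
# example; the article does not name the API BeNews used.
LOADER_DESCRIPTORS = (
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/PathClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
    b"Ldalvik/system/DexFile;",
)


def find_dynamic_loading(apk_bytes):
    """Return {dex entry name: sorted loader descriptors referenced in it}."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not name.endswith(".dex"):
                continue
            data = apk.read(name)
            found = sorted(d.decode() for d in LOADER_DESCRIPTORS if d in data)
            if found:
                hits[name] = found
    return hits


def triage(apk_bytes, declared_permissions, max_quiet_permissions=3):
    """Flag apps that declare few permissions yet can load code at run time."""
    hits = find_dynamic_loading(apk_bytes)
    return {
        "dynamic_loading": hits,
        "permission_count": len(declared_permissions),
        "review": bool(hits) and len(declared_permissions) <= max_quiet_permissions,
    }


def build_sample_apk(dex_payload):
    """Constructed test input: a zip with one classes.dex entry (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", dex_payload)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_apk(b"dex\n035\x00 Ldalvik/system/DexClassLoader; ...")
    print(triage(sample, ["PERM_A", "PERM_B", "PERM_C"]))  # placeholder names
```

A hit is a prompt for manual review rather than a verdict: legitimate apps also load code dynamically, and a loader reached only through reflection with obfuscated strings will not show up in this scan.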
The cache of leaked data from Hacking Team not only includes the source code required to build other apps, but also a handy how-to guide. While it seems that BeNews was not installed by many people -- perhaps as few as 50 -- the worry is that the source code is now out in the open so it may not be long until copycat apps appear. Hacking Team itself has warned that its tools have ended up in the hands of terrorists.