
Topic: Hacking Team's malware uses a UEFI rootkit to survive operating system reinstall

legendary
Activity: 1049
Merit: 1006


Advanced spyware for Android now available to script kiddies everywhere

http://arstechnica.com/security/2015/07/advanced-spyware-for-android-now-available-to-script-kiddies-everywhere/

<< One of the more recent discoveries resulting from the breach two weeks ago of malware-as-a-service provider Hacking Team is sure to interest Android enthusiasts. To wit, it's the source code to a fully featured malware suite that had the ability to infect devices even when they were running newer versions of the Google-developed mobile operating system.

The leak of the code base for RCSAndroid - short for Remote Control System Android - is a mixed blessing. On the one hand, it provides the blueprints to a sophisticated, real-world surveillance program that can help Google and others better defend the Android platform against malware attacks. On the other, it provides even unskilled hackers with all the raw materials they need to deploy what's arguably one of the world's more advanced Android surveillance suites.

"The RCSAndroid code can be considered one of the most professionally developed and sophisticated Android malware [titles] ever exposed", researchers from security firm Trend Micro wrote in a recently published blog post. "The leak of its code provides cybercriminals with a new weaponized resource for enhancing their surveillance operations."

RCSAndroid includes the ability to:

- Capture screenshots using the "screencap" command and framebuffer direct reading
- Monitor clipboard content
- Collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn
- Record using the microphone
- Collect SMS, MMS, and Gmail messages
- Record location
- Gather device information
- Capture photos using the front and back cameras
- Collect contacts and decode messages from IM accounts, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.
- Capture real-time voice calls in any network or app by hooking into the "mediaserver" system service >>

Source: Ars Technica
hero member
Activity: 672
Merit: 500
Well, those guys did a really good job. I wonder how much is truly theirs and how much is coming from external... "collaborators", let's put it this way.
legendary
Activity: 1049
Merit: 1006


Hacking Team's malware uses a UEFI rootkit to survive operating system reinstalls

http://www.pcworld.com/article/2948092/security/hacking-teams-malware-uses-uefi-rootkit-to-survive-os-reinstalls.html

<< Surveillance software maker Hacking Team has provided its government customers with the ability to infect the low-level firmware found in laptops and other computers that they wanted to spy on. The company developed a tool that can be used to modify a computer's UEFI (Unified Extensible Firmware Interface) so that it silently reinstalls its surveillance tool even if the hard drive is wiped clean or replaced.

UEFI is a replacement for the traditional BIOS (Basic Input/Output System) and is meant to standardize modern computer firmware through a reference specification. But there are multiple companies that develop UEFI firmware, and there can be significant differences between the implementations used by PC manufacturers. Hacking Team developed a method for infecting the UEFI firmware developed by Insyde Software, a Taiwanese company that counts Hewlett-Packard, Dell, Lenovo, Acer and Toshiba among its customers, according to security researchers from antivirus vendor Trend Micro.

"However, the code can very likely work on AMI BIOS as well", the Trend Micro researchers said in a blog post. AMI BIOS refers to firmware developed by American Megatrends, a long-time BIOS market leader. Trend Micro found details about the UEFI rootkit in the more than 400GB worth of files and emails that were leaked recently from Milan-based Hacking Team by a hacker. For the past week, security researchers and journalists have been sifting through the data uncovering malware source code, client lists, exploits for unpatched vulnerabilities and more information.

A Hacking Team slideshow presentation suggests that installing the UEFI rootkit requires physical access to the target computer, but remote installation can't be ruled out, the Trend Micro researchers said. Gaining temporary physical access to some computers wouldn’t be a big problem for government agencies, because many countries have laws that allow the inspection of laptops and other devices at their borders. >>

Source: PCWorld
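The practical check against the kind of firmware implant the article describes is a golden-image comparison: read the SPI flash, parse the firmware volumes it contains, and compare the module set and per-module hashes with a known-good dump. The script below is an added example written for this thread, not code from Hacking Team, Trend Micro, Insyde or any vendor. It parses the UEFI PI firmware volume (`_FVH`) and FFS2 file headers, verifies their checksums, hashes each file body and reports modules that were added, removed or altered. Because it runs offline, it builds its own constructed sample volumes (the GUIDs `SAMPLE_PEIM`, `SAMPLE_DRIVER` and `PLANTED_DRIVER`, the FV attribute value and the file bodies are all made up for the demonstration); on a real system you would feed it a baseline dump and a current dump instead. It assumes a single uncompressed FFS2 volume: real images hold several volumes, compressed and nested sections and NVRAM regions, which it does not walk.

```python
import hashlib
import struct
import uuid

# Layout constants from the UEFI PI spec, Volume 3 (firmware volume / FFS).
FV_HEADER_FIXED_LEN = 56        # EFI_FIRMWARE_VOLUME_HEADER up to the block map
FV_SIGNATURE = b"_FVH"
FFS_FILE_HEADER_LEN = 24        # EFI_FFS_FILE_HEADER
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")   # EFI_FIRMWARE_FILE_SYSTEM2_GUID
FFS_FIXED_CHECKSUM = 0xAA       # file checksum value used when FFS_ATTRIB_CHECKSUM is clear
FILE_TYPES = {0x06: "PEIM", 0x07: "DRIVER", 0xF0: "PAD"}

# GUIDs of the constructed sample modules below: not real vendor or implant GUIDs.
SAMPLE_PEIM = uuid.uuid5(uuid.NAMESPACE_URL, "example/sample-peim")
SAMPLE_DRIVER = uuid.uuid5(uuid.NAMESPACE_URL, "example/sample-dxe-driver")
PLANTED_DRIVER = uuid.uuid5(uuid.NAMESPACE_URL, "example/planted-dxe-driver")


def checksum16(data):
    """Sum of little-endian 16-bit words; a valid FV header sums to zero."""
    return sum(struct.unpack("<%dH" % (len(data) // 2), data)) & 0xFFFF


def parse_fv(blob):
    """Validate an FFS2 firmware volume and return {file GUID: (type, sha256 of body)}."""
    if len(blob) < FV_HEADER_FIXED_LEN:
        raise ValueError("too short for an FV header")
    fields = struct.unpack_from("<16s16sQ4sIHHHBB", blob, 0)
    fs_guid, fv_len, sig, hdr_len = fields[1], fields[2], fields[3], fields[5]
    if sig != FV_SIGNATURE or uuid.UUID(bytes_le=fs_guid) != FFS2_GUID:
        raise ValueError("not an FFS2 firmware volume")
    if fv_len > len(blob) or hdr_len > fv_len or checksum16(blob[:hdr_len]) != 0:
        raise ValueError("FV header length/checksum mismatch")
    files = {}
    off = hdr_len
    while off + FFS_FILE_HEADER_LEN <= fv_len:
        hdr = blob[off:off + FFS_FILE_HEADER_LEN]
        if hdr == b"\xff" * FFS_FILE_HEADER_LEN:
            break                                   # erased flash: no more files
        name = str(uuid.UUID(bytes_le=hdr[:16]))
        ftype = hdr[18]
        size = int.from_bytes(hdr[20:23], "little")
        # The header checksum is taken with the file checksum (byte 17) and State (byte 23) as zero.
        scrubbed = bytearray(hdr)
        scrubbed[17] = scrubbed[23] = 0
        if sum(scrubbed) & 0xFF != 0:
            raise ValueError("bad FFS header checksum at 0x%x" % off)
        if size < FFS_FILE_HEADER_LEN or off + size > fv_len:
            raise ValueError("FFS file size out of range at 0x%x" % off)
        body = blob[off + FFS_FILE_HEADER_LEN:off + size]
        files[name] = (FILE_TYPES.get(ftype, "0x%02x" % ftype), hashlib.sha256(body).hexdigest())
        off = (off + size + 7) & ~7                 # FFS files are 8-byte aligned
    return files


def diff_fv(baseline_blob, current_blob):
    """Golden-image comparison: which modules were added, removed or altered."""
    base, cur = parse_fv(baseline_blob), parse_fv(current_blob)
    return {
        "added": sorted(g for g in cur if g not in base),
        "removed": sorted(g for g in base if g not in cur),
        "changed": sorted(g for g in cur if g in base and cur[g][1] != base[g][1]),
    }


# Builders used only to construct the sample volumes (they mirror the parser's layout).
def build_ffs_file(name, ftype, body):
    size = FFS_FILE_HEADER_LEN + len(body)
    hdr = bytearray(name.bytes_le + b"\x00\x00" + bytes([ftype, 0x00])
                    + size.to_bytes(3, "little") + b"\x00")
    hdr[16] = (-sum(hdr)) & 0xFF      # header checksum, computed while bytes 17 and 23 are zero
    hdr[17] = FFS_FIXED_CHECKSUM
    hdr[23] = 0xF8                    # State with erase polarity 1: construction, header and data valid
    return bytes(hdr) + body


def build_fv(files, block_size=0x1000):
    body = b"".join(f + b"\xff" * (-len(f) % 8) for f in files)
    hdr_len = FV_HEADER_FIXED_LEN + 16          # one block-map entry plus the zero terminator
    total = hdr_len + len(body)
    total += -total % block_size
    hdr = bytearray(struct.pack("<16s16sQ4sIHHHBB", b"\x00" * 16, FFS2_GUID.bytes_le, total,
                                FV_SIGNATURE, 0x0004FEFF, hdr_len, 0, 0, 0, 2))
    hdr += struct.pack("<IIII", total // block_size, block_size, 0, 0)
    struct.pack_into("<H", hdr, 50, (-checksum16(hdr)) & 0xFFFF)   # Checksum field is at offset 50
    return bytes(hdr) + body + b"\xff" * (total - hdr_len - len(body))


def sample_volumes():
    """Constructed baseline dump, and a 'current' dump with one patched and one planted DXE driver."""
    peim = build_ffs_file(SAMPLE_PEIM, 0x06, b"\x55\xaa" * 64)
    driver = build_ffs_file(SAMPLE_DRIVER, 0x07, b"MZ" + b"\x00" * 100)
    patched = build_ffs_file(SAMPLE_DRIVER, 0x07, b"MZ" + b"\x00" * 99 + b"\x01")
    planted = build_ffs_file(PLANTED_DRIVER, 0x07, b"MZ" + b"\x90" * 32)
    return build_fv([peim, driver]), build_fv([peim, patched, planted])


if __name__ == "__main__":
    baseline, current = sample_volumes()
    for kind, guids in diff_fv(baseline, current).items():
        print(kind, guids)
```

Two caveats when applying this to a real machine. The baseline must come from somewhere the suspect firmware cannot influence, such as the vendor's update capsule or a dump taken with a hardware programmer before the laptop left your control; a dump read through the running firmware can be faked by an implant that hooks the SPI read path. And an empty diff only says the volume matches the baseline, so the baseline itself needs to be trusted.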