Kaspersky Lab (http://tinyurl.com/chy5pnk) has published a new research report mapping a massive international infrastructure used to control “Remote Control System” (RCS) malware implants, and identifying previously undiscovered mobile Trojans that work on both iOS and Android.
These Trojans are part of the allegedly “legal” spyware tool, RCS, aka Galileo, developed by the Italian company, HackingTeam. The list of victims indicated in the new research, conducted by Kaspersky Lab together with its partner Citizen Lab, includes activists and human rights advocates, as well as journalists and politicians.
The operators behind the Galileo RCS built a specific malicious implant for each individual target. According to Kaspersky Lab, once the sample is ready, the attacker delivers it to the mobile device of the victim. Some of the known infection vectors include spearphishing via social engineering – often coupled with exploits, including zero-days – and local infections via USB cables while synchronizing mobile devices.
One of the major discoveries has been learning precisely how a Galileo RCS mobile Trojan infects an iPhone, which first requires the device to be jailbroken. However, non-jailbroken iPhones can become vulnerable too, because an attacker can run a jailbreaking tool like “Evasi0n” via a previously infected computer and conduct a remote jailbreak, followed by the infection. To avoid infection risks, Kaspersky Lab recommends that people refrain from jailbreaking their iPhones and keep iOS on the device constantly updated to the latest version.