With this toolkit, script kiddies have the ability to infect Android phones and tablets even when they're running the latest versions of Google's mobile OS (except 5.0). Android devices can get infected by visiting booby-trapped websites or by downloading infected apps, like the fake news app BeNews, which was discovered on the official Google Play Android market earlier this week. The BeNews app sneaked through Google's spyware checks by dynamically loading additional code (including the exploit) after user installation. Full details at Ars Technica.
"The RCSAndroid code can be considered one of the most professionally developed and sophisticated Android malware [titles] ever exposed," researchers from security firm Trend Micro wrote in a recently published blog post. "The leak of its code provides cybercriminals with a new weaponized resource for enhancing their surveillance operations."
RCSAndroid includes the ability to:
- Capture screenshots using the “screencap” command and framebuffer direct reading
- Monitor clipboard content
- Collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn
- Record using the microphone
- Collect SMS, MMS, and Gmail messages
- Record location
- Gather device information
- Capture photos using the front and back cameras
- Collect contacts and decode messages from IM accounts, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger
- Capture real-time voice calls in any network or app by hooking into the “mediaserver” system service