The breach two weeks ago of Hacking Team, a company specialised in providing malware as a service, has produced lots of exploits. The latest thing to leak is RCSAndroid, short for Remote Control System Android, basically the most professionally developed Android malware ever exposed.
With this toolkit, script kiddies have the ability to infect Android phones and tablets even when they're running the latest versions of Google's mobile OS (except 5.0). Android devices can get infected by visiting booby-trapped websites or by downloading infected apps, like the fake news app BeNews, which was discovered on the official Google Play Android market earlier this week. The BeNews app sneaked through Google's spyware checks by dynamically loading additional code (including the exploit) after user installation. Full details at Ars Technica.
"The RCSAndroid code can be considered one of the most professionally developed and sophisticated Android malware [titles] ever exposed," researchers from security firm Trend Micro wrote in a recently published blog post. "The leak of its code provides cybercriminals with a new weaponized resource for enhancing their surveillance operations."
RCSAndroid includes the ability to:
Capture screenshots using the “screencap” command and framebuffer direct reading
Monitor clipboard content
Collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn
Record using the microphone
Collect SMS, MMS, and Gmail messages
Gather device information
Capture photos using the front and back cameras
Collect contacts and decode messages from IM accounts, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger
Capture real-time voice calls in any network or app by hooking into the “mediaserver” system service