1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

How Hacking Team published a fake Google Play app to spy on you

By Gabe Carey
Jul 20, 2015
Post New Reply
  1. [parsehtml]<p><img src="https://www.techspot.com/images2/news/bigimage/2015/07/2015-07-19-image-5.jpg" /></p> <p>As if the Milan-based &quot;offensive technology&quot; company hadn&#39;t <a href="https://www.techspot.com/news/61249-when-hackers-get-hacked-firm-sold-spyware-governments.html">caused enough harm</a> recently, it has now been revealed that Hacking Team was responsible for a fake news app on Android&#39;s Google Play store. This news comes in from Trend Micro whose researchers discovered a sample of the app&#39;s code used to evade Google&#39;s quality control procedures.</p> <p>The app, entitled &quot;BeNews&quot; allegedly took influence from a now-obsolete legitimate news source of the same name to appear genuine. Despite Google&#39;s developer program policy designed specifically to prevent apps like this, Hacking Team managed to publish BeNews using backdoor exploit tools that take advantage of dynamic loading technologies.</p> <p>This means that while, on the surface, there are no exploit codes to be discovered by Google in the app, the software is programmed to download and carry out an extension of its code from the Internet after being opened by the end-user.</p> <p style="text-align: center;"><img alt="" src="http://blog.trendmicro.com/trendlabs-security-intelligence/files/2015/07/BeNews_04.png" style="width: 549px; height: 324px;" /></p> <p>The backdoor could potentially pose threats for users of Android devices anywhere from 2.2 Froyo to 4.4.4 KitKat with some additional devices also at risk. The mobile spy tool was available on the Google Play store as recently as July 7 and, dubiously enough, provided &quot;detailed instructions on how customers can manipulate the backdoor as well as a ready-made Google Play account they can use&quot;.</p> <p>Fortunately, this app in particular was only downloaded about 50 times, likely due to the ambiguity of its function. Nonetheless, the most alarming part of this story isn&#39;t the app itself but the principle behind it. If Hacking Team was able to break into Google Play, especially given its own history of <a href="https://www.techspot.com/news/61309-hacking-team-stolen-emails-now-searchable-wikileaks-clues.html">security missteps</a>, there is something to be said about the susceptibility of the Android marketplace. Surely, organizations will be more adamantly precautionary in regards to privacy after this month&#39;s expos&eacute;.</p><p><a rel='alternate' href='https://www.techspot.com/news/61427-how-hacking-team-published-fake-google-play-app.html' target='_blank'>Permalink to story.</a></p><p class='permalink'><a rel='alternate' href='https://www.techspot.com/news/61427-how-hacking-team-published-fake-google-play-app.html'>https://www.techspot.com/news/61427-how-hacking-team-published-fake-google-play-app.html</a></p>[/parsehtml]

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...