HackingTeam 2.0: The Story Goes Mobile
More than a year has passed since the release of our last article on HackingTeam, the Italian company that develops a “legal” spyware tool known as Remote Control System, or short, RCS. In the meantime a lot has been happened, so it’s time for an update on all our current research findings on the RCS malware.
Locating the command servers
One of the most important things we’ve uncovered during our long and extensive research is a specific feature than can be used to fingerprint the RCS command servers (C2s). We presented details of this method at the Virus Bulletin 2013 conference.
To summarize, when a special request is sent to a “harmless” HackingTeam RCS C&C server, the RCS C&C responds with the following error message: