HackingTeam 2.0: The Story Goes Mobile

More than a year has passed since the release of our last article on HackingTeam, the Italian company that develops a “legal” spyware tool known as Remote Control System, or short, RCS. In the meantime a lot has been happened, so it’s time for an update on all our current research findings on the RCS malware.

Locating the command servers

One of the most important things we’ve uncovered during our long and extensive research is a specific feature than can be used to fingerprint the RCS command servers (C2s). We presented details of this method at the Virus Bulletin 2013 conference.

To summarize, when a special request is sent to a “harmless” HackingTeam RCS C&C server, the RCS C&C responds with the following error message:

Slide from our VB presentation with HackingTeam’s C2 fingerprint

Read more: HackingTeam 2.0: The Story Goes Mobile

Story added 24. June 2014, content source with full text you can find at link above.