What is WikiLeaks’ new dump HighRise? CIA Android malware allows spies to covertly steal data

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan 

Credits: Ibtimes

WikiLeaks has published its latest Vault 7 documents, revealing the CIA’s alleged Android malwaredubbed HighRise that has been designed to allow spies to covertly steal data from targeted smartphones. According to WikiLeaks, HighRise functions as an SMS proxy and sends stolen data to the CIA via SMS.

WikiLeaks documents reveal that HighRise masquerades as an app called TideCheck, which needs to be manually downloaded onto targeted phones “before it will automatically run in the background or after a reboot”.

“HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts,” WikiLeaks said.

Targeted users can be tricked into downloading the alleged CIA malware-laced TideCheck app. However, the app reportedly requires users to enter a password to open it up; the password is “inshallah” which is an Arabic word that roughly translated means “God willing”. It is unclear why the phrase “inshallah” was used as a password for the app. According to Hackread, the phrase is commonly used in the Arab world and could likely hint that the malware was designed to target Arabic or Muslim people.

According to the user guide published by WikiLeaks, once configured, the malware-laced app runs surreptitiously in the background, checking for incoming messages, which it then passes along to the CIA’s remote listening post (LP) server.

RELEASE: CIA Android phone SMS proxy 'HighRise' which masquerades as 'TideCheck' to form a covert messaging network https://t.co/wyNM6dOgnp pic.twitter.com/fMIrKbFhpG

— WikiLeaks (@wikileaks) July 13, 2017

According to the leaked user manual, HighRise’s primary features are:

• Send a copy of all incoming SMS messages to a CIA-controlled remote internet-based server
• Send SMS messages from the target’s compromised smartphone
• Provide a communications channel between the HighRise field operator & the CIA’s LP
• Provide a TLS/SSL secured internet communications

WikiLeaks’ dump is part of its Vault 7 series, which allegedly details the various kinds of hacking tools the spy agency uses to surveil its targets. HighRise is the 16^th data dump and comes just a week after WikiLeaks published its previous Vault 7 files, detailing the CIA’s hacking tools targeting Windows and Linux systems.

www.extremehacking.org

Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv9,CHFI,ECSAv9,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v9 course in Pune-India, ceh certification in pune-India, ceh v9 training in Pune-India, Ethical Hacking Course in Pune-India