The CIA continues to be squeezed hard by Wikileaks as top-secret documents become available on the World Wide Web. Just on the 3rd of July, we investigated a release which included the OutlawCountry malware, aimed at Linux operating systems. This time around, the CIA spread its net and crafted a plan to read the text messages sent and received by Android devices. The document responsible for all of this fuss is called “HighRise v2.0 Users’ Guide” and it dates back to the winter of 2013.
The main overview explains the purpose of this malware: it is an Android application that runs on devices with Android versions 4.0 to 4.3. Incoming and outgoing messages are all redirected to servers belonging to the CIA. Once these messages are delivered to the agency, it can examine all of the conversations that users have engaged in. The CIA appears to have been forced to battle the innovations in Android security, which meant that a sneakier strategy had to be selected to successfully spread and activate the malware.
The organization emphasized that the true malware was hidden behind a TideCheck app. For the malicious program to function properly, the user not only has to download the program, but also launch it and enter a specific password. From then on, every time the device is restarted, the malware auto-executes and engages in the monitoring tasks it was designed for.
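As an added defender-side example (not code from the post or from the leaked manual), the check below triages a decoded AndroidManifest.xml for the capability pattern the post attributes to HighRise: SMS permissions, network access and a receiver for the boot-completed broadcast, which is assumed here to be how an app re-launches after every restart. The manifest text and package name are constructed for illustration and are not TideCheck's.

```python
# Added example: flag an Android manifest that combines SMS access, network
# access and a boot-completed receiver. The manifest below is constructed
# for illustration; the post does not reproduce the TideCheck manifest, and
# the boot-receiver mechanism is an assumption about how auto-start works.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
NETWORK_PERMISSION = "android.permission.INTERNET"

SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(manifest_xml: str) -> dict:
    """Return which of the described indicators a manifest exhibits."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    # A receiver whose intent filter listens for BOOT_COMPLETED lets the app
    # run again after each reboot, matching the post's "auto-execute" claim.
    boot_receivers = [
        r.get(ANDROID_NS + "name")
        for r in root.iter("receiver")
        if any(a.get(ANDROID_NS + "name") == BOOT_ACTION for a in r.iter("action"))
    ]
    sms = sorted(perms & SMS_PERMISSIONS)
    return {
        "sms_permissions": sms,
        "boot_receivers": boot_receivers,
        "internet": NETWORK_PERMISSION in perms,
        # All three together: read SMS, persist across reboots, reach a server.
        "matches_pattern": bool(sms) and bool(boot_receivers)
                           and NETWORK_PERMISSION in perms,
    }
```

Run it against manifests pulled from an APK with a decoder such as apktool; a match is a reason to inspect the app, not proof of malice, since legitimate SMS apps request the same permissions.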
Since the released manual is for the second version of HighRise, this is probably not the first sample deployed against Android operating systems. We should also not neglect the possibility that similar manuals have been written more recently, meaning that the most recent versions of Android could be exposed to comparable strategies.
It is disturbing to imagine the vicious plans and strategies that the CIA has concealed from the public eye over the years. While a bunch of secret documents and manuals have already surfaced thanks to the efforts of Wikileaks, the actual number of similar tactics remains in question. No doubt the CIA expresses interest in almost all devices: from Windows, Mac and Linux to Android. Since malicious applications can conceal their true purpose behind some other application, be careful to select tools that have been checked by security researchers. If an application is questioned and determined to be involved in devious plans, users should not even consider downloading it to their machines. Also, if an unknown message arrives unexpectedly, take appropriate measures to remove it.