Hacking Team had backdoor app in play store – update

Hacking Team had an app in the Play Store that pretended to be a news app, but in practice it could be used to install a backdoor on an Android device. Malicious code was only downloaded after installation and thus undetected by the Play Store.

The app used the name of a news site about BeOS that no longer exists, BeNews, in order not to arouse suspicion. According to Trend Micro, the app was in the Play Store until last Tuesday, and had been downloaded 50 times so far. The app was removed shortly after an attacker leaked a large amount of Hacking Team files. It is unclear whether Google removed the app, or whether Hacking Team did so itself to limit the damage.

The fake news app got its malicious code from the internet. This had a major advantage: when the app was run through Google’s scanner, that code was not present, so no alarm was raised.

Hacking Team used an exploit tool that could at least crack Android versions 2.2 through 4.4.4, but it is possible that other Android versions have been affected as well. Trend Micro believes the app then installed a Hacking Team spy tool, RCSAndroid, which can extract data from the device.

Last week it was announced that Hacking Team, an Italian company that supplies spy software to governments, has been hacked. The attacker also released a large amount of internal information. These included sensitive internal emails, as well as working zero-day exploits in software such as Flash.

Update, 16:30: This article stated that Google does not manually check the content of apps, but since the beginning of this year, the company does.