This article is for Information purpose only. We do not encourage you in any manner to misuse this tool.
The “Remote Control System Android” is an Advanced real-world surveillance and hacking tool ever made for Android platform. The “Hacking Team”, The creators of RCS android are famous for their government grade spy tools and tie-ups with international agencies and Government Surveillance programs around the world including NSA.
Recently “Hacking Team” had faced massive hacking attacks on their servers, leading to leakage of their hacking tool’s source code for different platforms, including Android. There are endless possibilities of what this Tool can do. It can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed.
The “RCS Android” consists of 2 core modules: the Evidence Collector and the Event Action Trigger.
The Evidence Collector:
Evidence Collector is responsible for the spying routines: The various spying routines include recording voice calls and location, capturing Wi-Fi and online account passwords, taking screenshots and grabbing photos, recording speech by using the devices’ microphone, collecting contacts, SMS, MMS and decoding messages from IM and email accounts.
The Event Action Trigger
Event Action Trigger module is in charge of triggering malicious actions based on certain events (e.g. screen turning on, or SMS received with keywords). It can sync configuration data, upgrade modules, and download new payloads; upload the above mentioned collected data to the server, and purge it from the device; execute shell commands; disable the network, root access; reset the device’s locking password; and even uninstall the bot after use, to clear the tracks.
The reason why “RCS Android” has been refereed to as sophisticated is because of its ability to operate in fully stealth mode, so much so that to avoid detection and removal of the agent app in the device memory, the Hacking suite also detects emulators or sandboxes, obfuscates code using DexGuard, uses ELF string obfuscator, and adjusts the OOM (out-of-memory) value.
RCS – Android Hacking tool
‘HackedTeam‘, The team behind massive hacking attack on “Hacking team” itself, has already made all the RCS tools available as Git repositories. You can download the same below:
[ * ] The above repository contains raw source code of ‘RCS Android’, You will need to figure out all the modules and compile the required module and install it on the victims device.
Ways to infect victims device with RCA Android – “Hacking Team” way
While working for their clients (Govt and private agencies), The “Hacking Team” used several ways infect targeted Android devices. The 2 common ways used are:
1. Hackers on duty used backdoor apps such as “BeNews” available on the official Google Play Store to take advantage of a local privilege escalation bug to root the device and install the RCS Android agent.
2. They also used text and email messages containing specially crafted URLs that triggered exploits for several vulnerabilities present in the default browsers of previous android versions, allowing the attacker to gain root privileges, and install the RCS Android APK.
So, how do i protect my Android device from this RCS Tool?
Since the tool is now available publicly, and considering the capabilities of it, many of the devices out there are already infected or are easily vulnerable to this android hacking tool. Its always good to follow these preventive measure.
- Never rely on cheap android phones that donot have support for future android updates. If you have no choice, then avoid making any important transactions or communications on these devices.
- Always Update your Android firmware, as soon as you are prompted to and choose your Android phone wisely. Possibly buy the one which has the best support for firmware updates (Motorola, Nexus series, MI, etc). Many mobile manufactures are slow when it comes to sending OTA updates.
- Disable app installations from unknown, third-party sources in the Settings. This is one way to minimize the risk.
- Avoid using default web browsers and avoid clicking suspicious links in the webpages even if you think its from trusted sources.
Even with all these precautions, there’s always a possibility you’ll get infected. If you notice that your device is behaving in an unusual way (e.g. reboots or freezes unexpectedly), you should check whether it has been compromised. If you are not sure, ask people who know about these things or consult your manufacturer service center.