Someone captured and leaked a live presentation by an RCS sales tech, demonstrating his company's cyber-weapon for spying on dissidents, criminals, and whomever else the customer wanted to infect.
The software, Mito3, allows the attacker to "listen in on the target, intercept voice calls, text messages, video calls, social media activities, and chats, apparently both on computer and mobile platforms. It also allows police to track the target and geo-locate it thanks to the GPS. It even offers automatic transcription of the recordings."
The company’s employee shows how such an attack would work, setting mirc.com (the site of a popular IRC chat client) to be injected with malware (this is shown around 4:45 minutes in). Once the fictitious target navigates to the page, a fake Adobe Flash update installer pops up, prompting the user to click install. Once the user downloads the fake update, he or she is infected with the spyware.“All this installation process is, in reality, is completely a fake. It’s sort of a movie,” the RCS Lab employee says in the video. “Because in reality, at this point, he’s already infected.”
The demo doesn’t really showcase any unprecedented hacking technique—fake Flash updates have long been a tool for cybercriminals and hackers to trick users into installing malware onto their computers—but it’s a small glimpse into how surveillance vendors try to sell their malware to governments around the world.
[Lorenzo Franceschi-Bicchierai/Motherboard]
(via /.)