RCS Spyware Goes Completely Undetected By Antivirus Products

Discussion in 'Computers and The Internet' started by raysun, Dec 1, 2014.

  1. raysun

    raysun D4N73_666 4861786f72

    Messages:
    931
    Likes Received:
    10
    A variant of Remote Control System (RCS) spyware collected a month ago goes completely under the radar of some antivirus products, a security researcher reports.
    RCS is a versatile product developed by Italian company Hacking Team that can work on different computer platforms, desktop or mobile, and it is developed specifically for government agencies for surveillance purposes.

    Running malicious process not identified
    The sample detection experiment was carried out by Claudio Guarnieri, the leading developer of Detekt, a free scanner specifically created to help journalists, activists and human rights defenders find on their computer systems traces of spyware known to be used by various government organizations.

    On Wednesday, he tested antivirus solutions from Kaspersky, Avira (Free), G Data and ESET and found that none of them were able to detect a trace of compromise on a system with an active RCS process.

    There is no information about the configuration of the security products, but they were most likely running with the default settings. Even so, one would have expected the malware to have been picked up through one layer of defense, especially since its process was running on the computer.

    The researcher also showed VirusTotal analysis results from September 26 for the same sample, which revealed that at the time none of the antivirus engines could determine the malicious nature of the uploaded file. Antivirus companies listed on VirusTotal have access to the uploaded files.

    Newer variants are also largely undetected
    VirusTotal includes limited functionality of the antivirus solutions, so not all the detection features are used. Many products rely on behavioral analysis to detect malware that has not been previously classified.

    Bogdan Botezatu, senior malware analyst at Bitdefender, said that their antivirus did catch the RCS sample some time ago, via behavioral detection. Other solutions may also be able to detect the threat in a similar way.

    Late last week, Guarnieri tweeted the result of a VirusTotal analysis for a newer sample of RCS spyware and the results were also disheartening: only two engines labeled the file as a threat.

    The RCS sample tested by the researcher on Sunday was particularly evasive, as it was disguised as a popular bookmark manager called Linkman, and it also benefited from a valid digital signature.

    In a tweet late last week, Outertech, makers of Linkman, warned its customers to check if the name of the publisher matches theirs when the bookmark manager is installed. The malicious version relied on a certificate issued for an entity called Jagdeependra.
    Source: http://news.softpedia.com/news/RCS-Spyware-Goes-Undetected-by-Antivirus-Products-466007.shtml
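An added check for the publisher-name advice above (example code, not from the article, Outertech or the researcher): it runs PowerShell's Get-AuthenticodeSignature on a downloaded installer and then compares the signer's subject with the publisher you expect, because a signature that validates only proves the chain is intact, not that the certificate was issued to the vendor you think. The file path and the expected-publisher string are assumed placeholders.

```powershell
function Test-ExpectedSigner {
    # Returns $true only if the file is signed, the chain validates, and the
    # signer's subject contains the publisher name we expect.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # NotSigned, HashMismatch, UnknownError etc. all fail here. Note that
    # SignerCertificate is $null when the file is not signed, so check Status
    # before touching it.
    if ($sig.Status -ne 'Valid') {
        Write-Output "REJECT: signature status '$($sig.Status)' for $Path"
        return $false
    }

    # A 'Valid' status says nothing about WHO the certificate was issued to.
    # The article's sample validated fine but was signed for an unrelated
    # entity, so the subject must be matched against the real vendor.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedPublisher*") {
        Write-Output "REJECT: signer '$subject' is not the expected publisher"
        Write-Output "        thumbprint $($sig.SignerCertificate.Thumbprint)"
        return $false
    }

    Write-Output "OK: $Path is signed by $subject"
    return $true
}

# Usage (constructed values): the path and the expected CN are placeholders;
# take the real publisher string from the vendor's own download page.
$ok = Test-ExpectedSigner -Path 'C:\Downloads\linkman_setup.exe' `
                          -ExpectedPublisher 'CN=EXPECTED-PUBLISHER-PLACEHOLDER'
if (-not $ok) { exit 1 }
```

The comparison is a substring match on the certificate subject, so supply the distinguishing part of the vendor's CN rather than a single common word.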
     
  2. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    can't trust the g0vrnm3nt.

    wouldn't one be able to see some suspicious network activity from something like that?
     
    2 people like this.
  3. Tyrsonswood

    Tyrsonswood Senior Moment Lifetime Supporter

    Messages:
    34,218
    Likes Received:
    26,321

    Not necessarily... The NSA is all over your stuff anyways. (sneaky fucks)
     
    2 people like this.
  4. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
if they have their way then any kind of private communication whatsoever will be outlawed. the desire for privacy is criminal. it could be mandated that all walls be installed with piezoelectric microphones, so that nowhere can one talk in private, and tampering with these "baby monitors" will be punished to the maximum extent.

    the g0v't .. they like to know where all their sheep are
     
    1 person likes this.
  5. lode

    lode Banned

    Messages:
    21,697
    Likes Received:
    1,677
In the old days, Anti-Virus software ran by having a couple dozen guys in labs, looking at new software. When software displayed malicious characteristics they would flag it and add it to a list. They'd check PCs against the MD5 sums of their list and if one popped, they'd quarantine it.

Those were the good old days. Modern malware is encrypted, meaning there is no checksum to distinguish one piece of malware from the same malware on a separate machine. Honestly, antivirus companies are fighting a losing battle. The average time to detect new malware is between 6 and 18 months. All they can do is heuristic analysis. Check for unusual and malicious trends, and then identify those trends and eventually generate a profile of the virus.

The interesting parts are the operating systems it targets, the fact that it uses a valid iOS signing key, and the specific targets.
     
    1 person likes this.
  6. Dude111

    Dude111 An Awesome Dude HipForums Supporter

    Messages:
    11,087
    Likes Received:
    1,405
Yup and they don't like those of us who ARE NOT SHEEP!!!! (Wide awake to the true agenda)
     
  7. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    they wish to portray us as criminals and outlaws to the rest of society, and hopefully (for them) the next generation will grow up where the desire for privacy is taboo.
     
    1 person likes this.