After a large amount of Hacking Team’s internal data leaked online recently, researchers have been combing through it to find out what kinds of attacks the company was using. One attack, uncovered by FireEye, weaponized apps from the top charts of the App Store, including Facebook, WhatsApp, Viber, Google Chrome, Telegram and Skype, to steal user data. Hacking Team modified the apps to hide in plain sight: they appear to be the official apps while silently stealing user data in the background.
A library injected into the modified apps can steal the following, according to FireEye: voice call recording in Skype, WeChat, etc.; text message intercepting in Skype, WhatsApp, Facebook Messenger, etc.; Chrome website history; phone call; SMS/iMessage content; precise GPS coordinate; recording in background; contact information; photos.
The modified apps used a previously uncovered ‘masque’ attack, which made it possible to install a modified app over the top of an official one by prompting the user to install what was seemingly an innocuous app. FireEye, which also discovered the attack method, reported it to Apple last year, and it was patched in iOS 8.1.3. Today’s news marks the first time we’ve learnt that the attack was being used in the wild.