Flash Player Zero-Day Used to Push “Legal” Surveillance Malware

The spyware is sold by an Italian company that caters to governments

By Eduard Kovacs on February 13th, 2013 14:33 GMT

Kaspersky experts say that the recently patched Flash Player zero-day exploit is being used to install a piece of spyware on the computers of political dissidents and human rights activists from around the world.

Gamma Group’s surveillance application FinFisher is not the only piece of malware that’s advertised as being legitimate when in reality it’s used by totalitarian regimes to closely monitor the masses.

Recently, Kaspersky has been analyzing another similar tool. It’s called RCS, or DaVinci, and it’s developed by Italian firm HackingTeam, which advertises it as a Remote Control System that’s sold only to government law enforcement and intelligence agencies.

However, it appears that the Italian company doesn’t really care if its products are utilized by governments that are famous for not caring too much about human rights.

During their analysis, Kaspersky experts have identified RCS infections in countries such as Ethiopia, India, Iran, Mali, Algeria, Argentina, Saudi Arabia, Kazakhstan, Italy, Mexico and Turkey.

“As it usually happens with such dubious software, it’s impossible to say who uses them and for what purpose,” Kaspersky Lab Expert Sergey Golovanov explained.

“The problem with so-called ‘legal’ spy tools is that any government can purchase them, including governments from countries with poor human rights records. Additionally, one government can purchase these tools and use them against another country.”

The researchers have also identified a connection between HackingTeam and Vupen, the controversial French company that’s said to be selling exploits to governments.

Kaspersky has found at least a couple of exploits from Vupen being used in the RCS attacks. However, experts say that it’s uncertain if HackingTeam is one of Vupen’s customers or if both companies have independently created the exploits.

In any case, Kaspersky’s products are capable of detecting and neutralizing the threat.
RCS infections