Demo video of spyware from cyber weapon developer RCS Lab leaks online
Developers of malware and spyware, like those who create "ordinary" software, need to somehow convince customers to buy their sometimes very expensive products. In the world of legitimate software development, there is a familiar mechanism for this: a demonstration that lets potential buyers see how the technology works. The same method has been adopted by hackers who are suspected of working for the intelligence services of various countries.
A video has leaked online that is said to show spyware from the company RCS Lab in action.
What are we talking about
Unlike Hacking Team, which cooperates with the intelligence services of many countries and has itself been the victim of a large-scale hack, not much is known about the activities of RCS Lab. However, the editors of Motherboard now have at their disposal a previously unpublished ten-minute demo video that shows one of its cyber-espionage tools, called Mito3, at work.
The video supposedly shows a representative of RCS Lab explaining how the program works to an unknown man. Among other things, the potential customer is told how the software is managed through a special control panel and is shown how it can carry out MITM attacks and infect the computer of a target who visits a certain website.
The site of a popular IRC chat client, MITC.com, was chosen for the attack (4:45 in the video). At the moment the victim opens the site, a fake pop-up window appears offering to install an Adobe Flash Player update. After this update is downloaded, spyware is installed on the computer.
“The whole installation process in reality is completely fake. In fact, the computer is already infected,” a representative of RCS Lab commented on the demonstration.
What the spyware can do
Using Mito3, such attacks can be carried out in a few clicks by applying the appropriate rule in the control panel. The agent can choose which site to use as an attack vector, click on the drop-down menu, and select “inject HTML” to trigger a pop-up window that installs the malware.
The software can intercept traffic, including voice and video calls, messages, and activity in social networks and instant messengers, on both computers and mobile devices. According to Motherboard, users of such systems may include intelligence services and police departments, which are attracted by, among other things, the ability to track targets using GPS. Mito3 can even automatically transcribe intercepted voice calls into text, according to a product brochure that the journalists have at their disposal.
In the comments on the news on the website of cryptographer Bruce Schneier, users share additional information. For example, according to WikiLeaks, RCS held presentations for members of Hacking Team in the hope of further cooperation.
No unique or previously unknown attacks are shown in the demo video: fake Flash updates have been widely used for many years. However, such leaks allow us to lift the veil of secrecy and learn a little more about how the market for the production and sale of cyber weapons works.