Despite the breaches of both Hacking Team and FinFisher, the government malware industry remains a shady market. Because of the secrecy involved, it is becoming increasingly complicated to follow the technologies these companies use and their modus operandi. The lack of transparency can be beneficial when one works with government-related operations. However, it also benefits any profit-driven actor who notices the potential for easy income under such market conditions.

During our daily monitoring, we found a fake 'Google Chrome Update' landing page, which we believe is used by a company in its spyware campaigns. The page was designed to infect Windows, iOS and Android devices. Soon afterwards, we were surprised to find a publicly open control panel server. This open C&C gave us the opportunity to collect a variety of valuable data: details about the malware, photos and audio recordings from the test phones, victims' data, and a store of database backups of the control server.

After analysing the findings, we concluded that this company appears to be reselling commercial spyware as government espionage spyware. Despite the surprisingly poor quality of the products, we have seen the company do business with serious companies in the legal malware market and even with a government-related institution. While oblivious to the state of its operational security, the company relies simply on making a good impression on potential customers. We would like to present to you some of the work and the achievements of a peculiar German company that 'develops advanced big data systems, cybersecurity & AI, and data extraction solutions for the government and homeland security sectors'.
Metadata
To be recorded?: No
URLs for Wolf in Sheep’s Clothing - updated
- Wednesday Aug. 14 11:00 - 12:00 at Speakers Tent