The wolf in sheep's clothing - undressed

Thursday 4 October 09:30 - 10:00, Green room

Benoît Ancel (CSIS)
Aleksejs Kuprins (CSIS)



Despite the breach of both Hacking Team and FinFisher, the government malware industry remains a shady market. Due to the amount of secrecy involved, it becomes increasingly more complicated to follow the technologies utilized by these companies and their modus operandi. The lack of transparency can be beneficial when one works with government-related operations. However, it can also be of benefit to any profit-driven actor, who will notice the potential for easy income in such conditions of the market. During our daily monitoring, we have managed to find a fake 'Google Chrome Update' landing page, which we believe is used by a company in its spyware campaigns. The page was designed for infection of Windows, iOS and Android devices. Soon, we were surprised to find a publicly open control panel server. This open C&C has given us the opportunity to collect a variety of precious data: details about the malware, photos and audio recordings from the testing phones, victims' data, and a storage of database backups of the control server. After analysis of the findings, we have figured out that this company appears to be reselling commercial spyware as government espionage spyware. Despite the surprisingly poor quality of the products, we have seen the company do business with serious companies of the legal malware market and even with a government-related institution. While oblivious to the state of its operational security, the company relies simply on making a good impression on potential customers. We propose to present to you some of the work and the achievements of a peculiar German company that 'develops advanced big data systems, cybersecurity & AI, and data extraction solutions for the government and homeland security sectors'.

 

Generic-silhouette-web.jpg

Benoît Ancel

Benoît Ancel is a malware analyst who has worked for six years in France and now with CSIS in Denmark. His research interests include malware hunting, reversing and botnet tracking. He spends his free time monitoring honeypots and providing IOCs.

@benkow_

 

Generic-silhouette-web.jpg

Aleksejs Kuprins

Aleksejs Kuprins is a computer security researcher, living in Denmark and employed by CSIS. He initially started out as a software developer in Latvia and moved to Denmark for education, now specializing in Android malware reversing and threat analysis. Aleksejs dedicates his free time to the quadcopter building hobby, sports and malware hunting.



Back to VB2018 Programme page

Other VB2018 papers

Nomadic Octopus: cyber espionage in Central Asia

Anton Cherepanov (ESET)

TBA (reserve paper)

TBA TBA (TBA)

The Big Bang Theory by APT-C-23

Lotem Finkelstein (Check Point)
Aseel Kayal (Check Point)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.