The surveillance company that was just hacked managed to sneak an Android spy app right past Google

Advertisement

Hacking Team

Hacking Team

The revelations about Hacking Team just keep coming.

Advertisement

The Italian company, which sold surveillance technologies to a number of governments and organizations (many of which are considered less than stand-up institutions), had its own networks hacked and documents dumped online last week.

Now, journalists and researchers alike have been combing through the documents to see what sort of technology Hacking Team was using and who they were dealing with.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

The latest discovery involves an Android app that appears to be a piece of spyware - and this app was able to bypass Google Play's app restrictions.

These new findings, which come from the security research company Trend Micro, indicate that Hacking Team build a fake Android news app. It was called "BeNews," which happens to also be the name of another, now defunct news site.

Advertisement

It appears that Hacking Team was able to build the fake app so that it looked legitimate enough to be accepted into the Google Play app store. Nestled inside the app's code, however, was a backdoor to make it a mobile spy tool. Trend Micro writes that this app was available for download until as recently as July 7.

The research firm also discovered a how-to section, which, according to Trend Micro, included "detailed instructions on how customers can manipulate the backdoor as well as a ready-made Google Play account they can use."

It seems this BeNews app was only downloaded about 50 times, but the discovery on its own indicates that Hacking Team created a way to build mobile malware that could make it into the Google Play store without alerting Google. While executing this sort of attack requires getting access to a target's phone and individually downloading the app, it does highlight a huge problem for Google Play's app vetting.

And now that Hacking Team's documents have been leaked, there's no telling what other organizations are going to discover this wealth information as well, using it as a guideline for their own nefarious projects.

NOW WATCH: Mark Cuban explains why downloading Snapchat is a huge mistake