Update: Hacking Team develop malware for Windows, Flash and Android

Updated Private source code pinched from Hacking Team, and then revealed on the internet, has exposed new vulnerabilities in software that are misused by the spyware developer to infect targets’ systems.

Researches done by cyber security professionals suggest that stolen data of the Hacking Team contains a number of unpatched and unreported Adobe, Windows and Android flaws that hackers have been targeting for years now. Many vulnerabilities and their coding is enclosed within the disclosed document, as stated by the experts from Trend Micro. Cybersecurity researchers analyze and discovered at least 3 exploits, all targeting Microsoft’s Windows OS and Flash Player.

Among the three, 2 bugs have been developed for Flash and the vulnerability for Windows, CVE-2015-0349, has previously fixed.

Hacking Team felt pride and pleased with its performance, tagging its Flash exploits as the “most beautiful Flash bug for the last four years,” according to an article published on Wednesday by Trend Micro. The vulnerabilities in Flash are waiting to obtain CVE numbers.

Symantec researchers wrote in an article published on Tuesday, “Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer. Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.”

The spokesperson from Adobe said firm authorities are aware of the results and expect to issue a patch on Wednesday. The authorities have no sign the vulnerability is being actively misused at the time. Trend Micro experts reported that the zero-day was one of two Flash vulnerabilities, which was patched by Adobe in April 2015.

Distinctly, a report on Twitter from a famous exploit broker claimed a distinct zero-day in the Windows kernel.

An English version of the vulnerability analysis exposed from the Hacking Team, which is accessible here, shows the exploit is in every edition of Windows from the time of Windows XP.

Trend Micro says, “While Hacking Team stated that this was the most beautiful bug since CVE-2010-2161, we can see that several bugs have used this ValueOf trick, including CVE-2015-0349 which was used at Pwn2Own 2015.”

Threat communication manager at Trend Micro, Christopher Budd said, “A separate attack against one of these vulnerabilities shows that not sharing the discovery of vulnerabilities with the vendor or broader security community leaves everyone at risk. This latest attack is yet another demonstration that Adobe is a prime target for exploit across commercial and consumer IT systems.”

User at Reddit also stated finding a formerly strange vulnerability in SELinux and refer to this Github source, which seemed to suggest the vulnerability could be utilized against Android mobiles, which include the Linux.

The exploits can be utilized to secretly install the surveillance software of the Hacking Team, or other kinds of malware, on victims’ systems with no sign whatsoever. In case the exploits revealed from the massive Hacking Team hack are limited to 2 or 3 unpatched vulnerabilities in SELinux, Flash and Windows, the potential damage will be lower than it might have been. But, considering the fact that 400GB of data had been stolen from Hacking Team – the chances are, there might be more surprises on their way to hit us sooner or later.

A representative from Hacking Team told:

HackingTeam has been the victim of an online attack, and documents have been stolen from the company. We are investigating to determine the extent of this attack and specifically what has been taken. We are working with several appropriate law enforcement to determine who is responsible.

We cannot comment on the validity of documents purportedly from our company. However, interpreting even valid documents without [a] complete picture of why they were created or how they were used can easily lead to misunderstandings and even false conclusions.


Ali Raza Ali is a freelance journalist, having 5 years of experience in web journalism and marketing. He contributes to various online publications. With a Master degree, now he combines his passions for writing about internet security and technology for SecurityGladiators. When he is not working, he loves traveling and playing games.

1 thought on “Update: Hacking Team develop malware for Windows, Flash and Android”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.