Sunday, January 26, 2025
HomeMalwareVault 7 Leaks : CIA Android Hacking Tool "HighRise" Steals Data From...

Vault 7 Leaks : CIA Android Hacking Tool “HighRise” Steals Data From Compromised Android Phones via SMS – WikiLeaks

Published on

SIEM as a Service

Follow Us on Google News

WikiLeaks Revealed a CIA Secret Document of  Android Mobile Hacking Tool called “HighRise” steal the victims Android smartphones data and send to CIA Control server using SMS messages for communication between Victims and CIA Controlled listener posts.

WikiLeaks Revealed Few days before Another CIA Cyber Weapons called “BothanSpy” and “Gyrfalcon” steals the SSH Credentials from both Windows and Linux Platform.

Highrise is a Malicious Android Application Developed by CIA for mobile devices running Android 4.0 to 4.3 with Redirection Function for SMS messaging. And it acts as an SMS proxy for communication between implants and listening posts.

This Application separates the targets and listening port by an act as a proxy and incoming SMS Messages received by HighRise via the Internet and  Send “outgoing” SMS messages via the HighRise host to CIA  listener.

HighRise Provide Highly Encrypted communication channels between Highrise filed operator (targeted victims) and listener posts over TLS/SSL secured internet communications.

How Do Highrise Attack Target Victims

HighRise v2.0 is a successor of HighRise 1.4 to operate with  Android 4.0 to 4.3  devices and old version of Android allowed to easily allowed an event as soon as HighRise installed.

HighRise installed to victims Android Mobile as an application called TideCheck by using browser Navigation to “http://highriseLP.net/files/highrise.apk” for installing into target phone.

CIA Android Hacking Tool "HighRise" Steals Data through SMS
CIA Android Hacking Tool "HighRise" Steals Data through SMS
CIA Android Hacking Tool "HighRise" Steals Data through SMS

According to CIA Document, Once downloaded, tap the entry in your downloads pages and click “OK” to accept the installation. Once installed, proceed to HighRise activation.

HighRise application first must be manually run once before it will automatically run in the background or after a reboot.

Once the installation has completed, it will promote to enter the password.after entering the password “inshallah”  then select the enter code Button.

After entering the password process, press “initialize” button to activate the application. once activation will be done, then it will automatically  HighRise will run in the background listening for events.

Once activated the application, the HighRise configuration will be displayed and To return directly to the configuration, from the main menu, select the button labeled “Show Configuration”. 

Once all the appropriate Configuration was done, HighRise can be used to send short messages from the HighRise host to the LP.

Previous CIA Leaked Tools by WikiLeaks

Gyrfalcon –  Vault 7 Leaks: CIA Hacking Tools “BothanSpy” and “Gyrfalcon” Steals SSH Credentials From Windows and Linux Computers – WikiLeaks

OutlawCountry – Vault 7 Leaks: CIA Malware “OutlawCountry” Controls Linux Machine and Redirect the Victims Traffic into CIA Controlled Machine – WikiLeaks

ELSA – Vault 7 Leaks: CIA Malware “ELSA” Tracking Geo-Location of WiFi Enabled Windows Computers – WikiLeaks

Brutal Kangaroo – CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives -WikiLeaks

CherryBlossom –  Wikileaks Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Pandemic –  New CIA Cyberweapon Malware “Pandemic” installed in Victims Machine and Replaced Target files where remote users use SMB to Download

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Beware of Fake Captcha Verifications Spreading Lumma Malware

In January, Netskope Threat Labs uncovered a sophisticated global malware campaign leveraging fake CAPTCHA...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Murdoc Botnet Exploiting AVTECH Cameras & Huawei Routers to Gain Complete Control

Researchers have identified an active malware campaign involving a Mirai botnet variant, dubbed Murdoc,...