Vault 7 Leaks: CIA Android Hacking Tool “HighRise” Steals Data From Compromised Android Phones via SMS – WikiLeaks

WikiLeaks has revealed a secret CIA document describing an Android hacking tool called “HighRise”, which steals data from victims' Android smartphones and sends it to a CIA control server, using SMS messages for communication between victims and CIA-controlled listening posts.

A few days earlier, WikiLeaks revealed two other CIA cyber weapons, “BothanSpy” and “Gyrfalcon”, which steal SSH credentials on both Windows and Linux platforms.

HighRise is a malicious Android application developed by the CIA for mobile devices running Android 4.0 to 4.3, with a redirection function for SMS messaging. It acts as an SMS proxy for communication between implants and listening posts.

The application separates the targets from the listening post by acting as a proxy: it handles “incoming” SMS messages received by HighRise via the internet and sends “outgoing” SMS messages via the HighRise host to the CIA listener.

HighRise provides highly encrypted communication channels between the HighRise field operator (targeted victims) and listening posts over TLS/SSL-secured internet communications.

How Does HighRise Attack Target Victims

HighRise v2.0 is the successor to HighRise 1.4 and operates on Android 4.0 to 4.3 devices. Older versions of Android readily allowed events to be handled as soon as HighRise was installed.

HighRise is installed on the victim's Android phone as an application called TideCheck, by navigating in the browser to “http://highriseLP.net/files/highrise.apk” to install it on the target phone.

According to the CIA document, once downloaded, tap the entry in your downloads page and click “OK” to accept the installation. Once installed, proceed to HighRise activation.

The HighRise application must first be run manually once before it will automatically run in the background or after a reboot.

Once the installation has completed, the application prompts for a password. After entering the password “inshallah”, select the “Enter Code” button.

After entering the password, press the “initialize” button to activate the application. Once activation is done, HighRise will automatically run in the background, listening for events.

Once the application is activated, the HighRise configuration is displayed. To return directly to the configuration from the main menu, select the button labeled “Show Configuration”.

Once all the appropriate configuration is done, HighRise can be used to send short messages from the HighRise host to the LP.

Previous CIA Leaked Tools by WikiLeaks

Gyrfalcon – Vault 7 Leaks: CIA Hacking Tools “BothanSpy” and “Gyrfalcon” Steals SSH Credentials From Windows and Linux Computers – WikiLeaks

OutlawCountry – Vault 7 Leaks: CIA Malware “OutlawCountry” Controls Linux Machine and Redirect the Victims Traffic into CIA Controlled Machine – WikiLeaks

ELSA – Vault 7 Leaks: CIA Malware “ELSA” Tracking Geo-Location of WiFi Enabled Windows Computers – WikiLeaks

Brutal Kangaroo – CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives – WikiLeaks

CherryBlossom – Wikileaks Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Pandemic – New CIA Cyberweapon Malware “Pandemic” installed in Victims Machine and Replaced Target files where remote users use SMB to Download

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
