Vault 7 Leaks : CIA Android Hacking Tool “HighRise” Steals Data From Compromised Android Phones via SMS – WikiLeaks

WikiLeaks Revealed a CIA Secret Document of  Android Mobile Hacking Tool called “HighRise” steal the victims Android smartphones data and send to CIA Control server using SMS messages for communication between Victims and CIA Controlled listener posts.

WikiLeaks Revealed Few days before Another CIA Cyber Weapons called “BothanSpy” and “Gyrfalcon” steals the SSH Credentials from both Windows and Linux Platform.

Highrise is a Malicious Android Application Developed by CIA for mobile devices running Android 4.0 to 4.3 with Redirection Function for SMS messaging. And it acts as an SMS proxy for communication between implants and listening posts.

This Application separates the targets and listening port by an act as a proxy and incoming SMS Messages received by HighRise via the Internet and  Send “outgoing” SMS messages via the HighRise host to CIA  listener.

HighRise Provide Highly Encrypted communication channels between Highrise filed operator (targeted victims) and listener posts over TLS/SSL secured internet communications.

How Do Highrise Attack Target Victims

HighRise v2.0 is a successor of HighRise 1.4 to operate with  Android 4.0 to 4.3  devices and old version of Android allowed to easily allowed an event as soon as HighRise installed.

HighRise installed to victims Android Mobile as an application called TideCheck by using browser Navigation to “http://highriseLP.net/files/highrise.apk” for installing into target phone.

According to CIA Document, Once downloaded, tap the entry in your downloads pages and click “OK” to accept the installation. Once installed, proceed to HighRise activation.

HighRise application first must be manually run once before it will automatically run in the background or after a reboot.

Once the installation has completed, it will promote to enter the password.after entering the password “inshallah”  then select the enter code Button.

After entering the password process, press “initialize” button to activate the application. once activation will be done, then it will automatically  HighRise will run in the background listening for events.

Once activated the application, the HighRise configuration will be displayed and To return directly to the configuration, from the main menu, select the button labeled “Show Configuration”. 

Once all the appropriate Configuration was done, HighRise can be used to send short messages from the HighRise host to the LP.

Previous CIA Leaked Tools by WikiLeaks

Gyrfalcon –  Vault 7 Leaks: CIA Hacking Tools “BothanSpy” and “Gyrfalcon” Steals SSH Credentials From Windows and Linux Computers – WikiLeaks

OutlawCountry – Vault 7 Leaks: CIA Malware “OutlawCountry” Controls Linux Machine and Redirect the Victims Traffic into CIA Controlled Machine – WikiLeaks

ELSA – Vault 7 Leaks: CIA Malware “ELSA” Tracking Geo-Location of WiFi Enabled Windows Computers – WikiLeaks

Brutal Kangaroo – CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives -WikiLeaks

CherryBlossom –  Wikileaks Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Pandemic –  New CIA Cyberweapon Malware “Pandemic” installed in Victims Machine and Replaced Target files where remote users use SMB to Download

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

View Comments

Recent Posts

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government entities and energy companies.  The attackers,…

1 hour ago

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to dismantle its operations. Initially detected in…

2 hours ago

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source nature. However, it has a big…

2 hours ago

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation, and growth. However, this shift towards…

2 hours ago

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed light on the growing concerns within…

5 hours ago

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse engineering .NET malware.  The write-up outlines…

7 hours ago