Categories: Malware

Vault 7 Leaks : CIA Android Hacking Tool “HighRise” Steals Data From Compromised Android Phones via SMS – WikiLeaks

WikiLeaks Revealed a CIA Secret Document of  Android Mobile Hacking Tool called “HighRise” steal the victims Android smartphones data and send to CIA Control server using SMS messages for communication between Victims and CIA Controlled listener posts.

WikiLeaks Revealed Few days before Another CIA Cyber Weapons called “BothanSpy” and “Gyrfalcon” steals the SSH Credentials from both Windows and Linux Platform.

Highrise is a Malicious Android Application Developed by CIA for mobile devices running Android 4.0 to 4.3 with Redirection Function for SMS messaging. And it acts as an SMS proxy for communication between implants and listening posts.

This Application separates the targets and listening port by an act as a proxy and incoming SMS Messages received by HighRise via the Internet and  Send “outgoing” SMS messages via the HighRise host to CIA  listener.

HighRise Provide Highly Encrypted communication channels between Highrise filed operator (targeted victims) and listener posts over TLS/SSL secured internet communications.

How Do Highrise Attack Target Victims

HighRise v2.0 is a successor of HighRise 1.4 to operate with  Android 4.0 to 4.3  devices and old version of Android allowed to easily allowed an event as soon as HighRise installed.

HighRise installed to victims Android Mobile as an application called TideCheck by using browser Navigation to “http://highriseLP.net/files/highrise.apk” for installing into target phone.

According to CIA Document, Once downloaded, tap the entry in your downloads pages and click “OK” to accept the installation. Once installed, proceed to HighRise activation.

HighRise application first must be manually run once before it will automatically run in the background or after a reboot.

Once the installation has completed, it will promote to enter the password.after entering the password “inshallah”  then select the enter code Button.

After entering the password process, press “initialize” button to activate the application. once activation will be done, then it will automatically  HighRise will run in the background listening for events.

Once activated the application, the HighRise configuration will be displayed and To return directly to the configuration, from the main menu, select the button labeled “Show Configuration”. 

Once all the appropriate Configuration was done, HighRise can be used to send short messages from the HighRise host to the LP.

Previous CIA Leaked Tools by WikiLeaks

Gyrfalcon –  Vault 7 Leaks: CIA Hacking Tools “BothanSpy” and “Gyrfalcon” Steals SSH Credentials From Windows and Linux Computers – WikiLeaks

OutlawCountry – Vault 7 Leaks: CIA Malware “OutlawCountry” Controls Linux Machine and Redirect the Victims Traffic into CIA Controlled Machine – WikiLeaks

ELSA – Vault 7 Leaks: CIA Malware “ELSA” Tracking Geo-Location of WiFi Enabled Windows Computers – WikiLeaks

Brutal Kangaroo – CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives -WikiLeaks

CherryBlossom –  Wikileaks Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Pandemic –  New CIA Cyberweapon Malware “Pandemic” installed in Victims Machine and Replaced Target files where remote users use SMB to Download

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

View Comments

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

1 day ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

3 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

3 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

4 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago