Wikileaks Says CIA Using Android App Highrise To Spy On Users Mobile

HighRise is the Android application programmed for mobile devices running Android 4.0 to 4.3. It provides a redirection network for incoming and outgoing SMS messages on the device it is installed on. This redirection network is used by a number of IOC tools. IOC tools use SMS messaging as the primary communication method between the device that has been implanted with HighRise and the receiving end, referred to as “listening posts” or “LP”. HighRise behaves as the SMS proxy platform, which gives larger separation between the implanted devices in the field i.e. the “targets” and the receiving devices i.e. listening post (LP). This platform creates a proxy for “incoming” and “outgoing” SMS messages on the target and sends a copy of the messages to an internet LP. Highrise creates a conversation medium between the target and the Listening post using a TLS/SSL secured internet communication.

The news release as mentioned above hosts a 12-page document. This is a user guide by CIA for ‘Highrise’, created at CIA’s Information Operations Center. The newer versions of Android do not allow the application to launch automatically. The installed application at least has to be launched manually once by the user or requires a reboot of the device. Thus the HighRise 2.0 which is an updated port to Highrise 1.4, has to be manually run once after it is installed. The application will run automatically in the background after the device goes through a reboot. Because of the updated versions of the Android Operating system HighRisenow appears as an installed application in the App Manager. It appears as TideCheck. The application uses “inshallah” as a password to install the application. This word is from the Arabic language, which when translated to English means “God Willing”. There is a lot of contemplation as to the password is in Arabic but no concrete explanation is available.  Once this malware is installed into the victim’s phone it acts as a strong spying tool.

Tips to Prevent From geting your system infected:

1. Enable your popup blocker: Pop-ups and ads in the websites are the most adoptable tactic used by cyber criminals or developers with the core intention to spread malicious programs. So, avoid clicking uncertain sites, software offers, pop-ups etc.
2. Keep your Windows Updated:To avoid such infections, we recommend that you should always keep your system updated through automatic windows update. By doing this you can keep your device free from virus. According to survey, outdated/older versions of windows operating system are an easy target.
3. Third party installation:Try to avoid freeware download websites as they usually install bundled of software with any installer or stub file.
4. Regular Back up: Regular and periodical backup helps you to keep your data safe in case the system is infected by any kind of virus or any other infection. Thus always backup important files regularly on a cloud drive or an external hard drive.
5. Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like McAfee or a good Malware Removal Tool like Free Malware RemovalTool. Apart from this we would suggest a regular updating of these software to detect and avoid latest infections.
6. Install a powerful ad-blocker for Chrome, Mozilla and IE.