Vault 7 - HighRise Android Malware
Following on from previous reports of leaked documentation from the Vault 7 malware framework, WikiLeaks have published documentation for HighRise - an Android trojan.
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.
Affected platforms
The following platforms are known to be affected:
Threat details
The Android malware is concealed in an application named 'Tide Check', which is not available on the Google Play Store; the application is instead hosted on a third-party website. The likelihood of infection is therefore reduced, as an attacker would require physical access to the target device in order to install the application and gain persistence across reboots.
If a successful attack occurs, an infected device is able to:
- Proxy incoming SMS messages to a command and control (C2) server.
- Send outgoing SMS messages.
- Provide a communication channel between the operator and the C2 server. This suggests that the tool was not designed solely for use on a target's device, but also as a secure communication method for operatives.
The full documentation can be found at the following address: https://wikileaks.org/vault7/#Highrise
Remediation steps
Last edited: 14 January 2022 2:03 pm