Mobile APTs: A look at nation-state attacks and techniques for gathering intelligence from military and civilian devices - Michael Flossman Derbycon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Mobile APTs: A look at nation-state attacks and techniques for gathering intelligence from military and civilian devices
Michael Flossman
Derbycon 2017

As we increasingly rely on mobile devices to create, access, and modify sensitive information, sophisticated nation-state actors such as Russia, Israel, and the U.S. are being forced to expand their traditionally desktop-focussed toolsets to now include a mobile surveillanceware capability. This talk will dive into mobile APTs, the nation-state actors leveraging them, and the commonalities and differentiators they share. We will specifically discuss the families ViperRAT and FrozenCell, two bespoke Android surveillanceware tools. One is being deployed against Palestinian individuals and organizations in conjunction with a desktop component, while the other has been seen in targeted attacks against Israeli Defense Forces personnel. Our unique insight into attacker infrastructure allows us to see how widely deployed these tools are and what information has been exfiltrated from compromised devices. The internals of these tools, their capabilities, command and control infrastructure, and their ability to successfully retrieve intelligence from compromised devices will be presented.

Michael is a security analyst at Lookout where he works on reverse engineering sophisticated mobile threats while tracking their evolution, the campaigns they are used in, and the actors behind them. He has hands-on experience in vulnerability research, incident response, security assessments, pen-testing, reverse engineering and the prototyping of automated analysis solutions. When not analyzing malware there's a good chance he's off snowboarding, diving, or looking for flaws in popular mobile apps.

Copyright 2020, IronGeek