Researchers claim to have uncovered a new Android spying tool linked to a relatively unknown Israeli company. The findings come as part of ongoing investigations by the researchers into commercial, surveillance-focused malware, and suggest that a booming mobile spyware industry shows no sign of slowing down.
During a talk at the Black Hat hacking conference on Wednesday, Megan Ruthven, a software engineer on Google’s Android Security team, and Andrew Blaich, a security researcher at cybersecurity company Lookout, presented their findings on Lipizzan, a set of surveillance apps that until recently were hosted on the Google Play store.
Videos by VICE
“Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media,” Google researchers wrote in a blog post published on Wednesday. The apps would pose as legitimate and banal pieces of software, such as a backup application, and once installed would download more malicious software and jailbreak the device with known exploits. Google found fewer than 100 devices (0.000007 percent of all Android devices) infected with Lipizzan malware, according to the blog post.
Lipizzan is linked to Equus Technologies, an Israel-based company, according to the researchers. In response to a question from a Forbes reporter during the Black Hat presentation, Ruthven said the reference to Equus Technologies was included in a configuration file of Lippizan.
Equus Technologies is “a privately held company specializing in the development of tailor made innovative solutions for law enforcement, intelligence agencies, and national security organizations,” according to the company’s LinkedIn page. At least one employee of Equus Technologies, per the company’s LinkedIn profile, is a former staff member of NSO Group, a notorious, Israeli malware vendor.
A source familiar with Equus Technologies told Motherboard that the company also provides iOS capabilities, and that the firm purchases details on software bugs. A second source, who has worked in the surveillance industry, said that Equus Technologies has been in the malware business for years, and that the company has been attending ISS World, a well-known surveillance industry conference for a couple of years. Other than malware, the source claimed, Equus Technologies sells app interception, or cloud interception technology in the form of physical devices that can be carried in backpacks. The devices are designed to steal passwords and other sensitive personal data by connecting to nearby cellphones.
Motherboard granted both sources anonymity to freely discuss sensitive industry matters.
Equus Technologies appears to have neither a website nor much of any online presence to speak of, though researchers with the shadowy Israeli company have previously been quoted in media reports. Amihai Neiderman, head of research at Equus, demonstrated exploits against a city’s Wi-Fi network in 2015. Neiderman also discovered a host of issues with Tizen, an open-source operating system from Samsung.
Google has suspended 16 offending apps from the Google Play Store since it discovered the Lippizan malware, according to the researchers.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.