Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

FBI Android malware used for investigations

Former FBI officers revealed to the Wall Street Journal the existence of FBI Android malware that is used to spy on suspects for investigations. The FBI is using mobile Android malware to spy on suspects for its investigations, the news is not surprising but is the confirmation that law enforcement are exploiting new technologies for […]

FBI Android malware used for investigations

Former FBI officers revealed to the Wall Street Journal the existence of FBI Android malware that is used to spy on suspects for investigations.

The FBI is using mobile Android malware to spy on suspects for its investigations, the news is not surprising but is the confirmation that law enforcement are exploiting new technologies for surveillance purposes.

The Federal Bureau of Investigation uses malicious code to record nearby sounds and copy data stored on the suspect’s handset without physical access to the device, the news has been published by Wall Street Journal that interviewed former officers. The popular journal published an interesting post on the legal surveillance activities that in the past were discussed for the impairment of desktop computers, but mobile phones are a relatively new target considering that we discussed just a few months ago of projects conducted by the Bureau to exploit any kind of mobile devices for its investigations.

People familiar with the Federal Bureau of Investigation’s programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can’t be wiretapped like a phone, is called “going dark” among law enforcement.” States WSJ post.

FBI Android Malware

The spying techniques still request an “active participation” of victims that need to visit a compromised website, or click on an infected link or worst to open a malicious attachment, for this reason the methods is still not useful to investigate on tech-savvy suspects that could easily note something of strange on their mobile handsets. It is not a mystery that the FBI is adopting hacking instruments for the resolution of cases involving organized crime, child pornography or counterterrorism.

Computer hackers are never targeted this way, they might notice the FBI Android malware disclosing news and evidences on its existence,  former officers confirmed that in other circumstances the technique was very useful and efficient.

The FBI develops hacking tools internally and purchases others from the private sector for a long time, the FBI Android malware can remotely activate the microphones in phones to record conversations. For the moment Google declined to comment the revelations.

Another interesting particular revealed by the same officers on the FBI Android malware is that this type of investigation does require judicial oversight, but if one is recording activities rather than communications, the level of authorization necessary is much reduced. The reason is that there is a false conviction within US judges that the approval of the use of any malware is considered a minor privacy violation respect the traditional wiretap.

How does work the FBI Android malware?

It is still not clear, but it is very likely that developers use zero-day exploit of which the platform manufacturer is unaware, in this way they could exploit the flaw to take remote control of the devices. The sale of zero-day is becoming very common also within the private industry, many private firms develop exploits for unknown vulnerabilities such as the Italian Hacking Team and the UK-based lawful spook spyware supplier Gamma International. Gamma International has a long collaboration with law enforcement for which provides many products for surveillance purposes.

The news of the availability of an FBI mobile malware confirms the intention manifested in the last months by law enforcement to be able to spy on any kind of electronic devices for investigation … so what do you expect on the future?

For sure more sophisticated agents able to infect suspect’s handset without its “collaboration”, exactly like already happen for desktop and laptop devices … next step will be possibility to spy on suspects thought gaming platform, smart meters and SmartTV … or probably they are already reality 😉

Pierluigi Paganini

(Security Affairs – Law Enforcement, FBI Android malware)