Malware designed for law enforcement agencies reportedly targeted political activists in the Middle East through a vulnerability in Flash Player, a browser-based application runtime that enables viewing of expressive applications.
Golovanov and Alexander Polyakov, both from Kaspersky Lab, notified Flash Player of the two vulnerabilities after they identified the CVE-2013-0633 weakness, leading to an emergency update by the company.
“The exploits for CVE-2013-0633 have been observed while monitoring the so-called ‘legal’ surveillance malware created by the Italian company HackingTeam,” said Golovanov in a blog post.
On notification, Adobe released an emergency update for Flash Player to address the two unpatched zero-day weaknesses.
The malware found to have been used, ‘RemoteControlSystem’, commonly referred to as RCS, is believed to have been created in Milan by HackingTeam, which develops computer surveillance programs to be sold to law enforcement and intelligence agencies.
The malware, since named DaVinci, got the attention of Kaspersky in August 2012 and had been under surveillance after being detected in a host of countries including Italy, Mexico, Kazakhstan, Saudi Arabia, Turkey, Argentina, Iran, and India.
In Africa, DaVinci has been found in Algeria, Mali and Ethiopia, some of which are known for online monitoring.
RCS is known to record conversations in various chat platforms including Facebook, Skype, Yahoo Messenger and Google Talk. It also has the ability to retrieve the chat history and activate communication gadgets such as webcams and microphones.