What is WikiLeaks' new dump HighRise? CIA Android malware allows spies to covertly steal data

WikiLeaks says that HighRise functions as an SMS proxy to remotely steal data from hacked smartphones.

Google axed massive Android adfraud botnet Chamois from Play Store — According to WikiLeaks, HighRise steals data and passes it along to the CIA’s remote listening post (LP) server REUTERS/Dado Ruvic/Illustration

WikiLeaks has published its latest Vault 7 documents, revealing the CIA's alleged Android malware dubbed HighRise that has been designed to allow spies to covertly steal data from targeted smartphones. According to WikiLeaks, HighRise functions as an SMS proxy and sends stolen data to the CIA via SMS.

WikiLeaks documents reveal that HighRise masquerades as an app called TideCheck, which needs to be manually downloaded onto targeted phones "before it will automatically run in the background or after a reboot".

"HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts," WikiLeaks said.

Targeted users can be tricked into downloading the alleged CIA malware-laced TideCheck app. However, the app reportedly requires users to enter a password to open it up; the password is "inshallah" which is an Arabic word that roughly translated means "God willing". It is unclear why the phrase "inshallah" was used as a password for the app. According to Hackread, the phrase is commonly used in the Arab world and could likely hint that the malware was designed to target Arabic or Muslim people.

According to the user guide published by WikiLeaks, once configured, the malware-laced app runs surreptitiously in the background, checking for incoming messages, which it then passes along to the CIA's remote listening post (LP) server.

RELEASE: CIA Android phone SMS proxy 'HighRise' which masquerades as 'TideCheck' to form a covert messaging network https://t.co/wyNM6dOgnp pic.twitter.com/fMIrKbFhpG
— WikiLeaks (@wikileaks) July 13, 2017

According to the leaked user manual, HighRise's primary features are:

Send a copy of all incoming SMS messages to a CIA-controlled remote internet-based server
Send SMS messages from the target's compromised smartphone
Provide a communications channel between the HighRise field operator & the CIA's LP
Provide a TLS/SSL secured internet communications

WikiLeaks' dump is part of its Vault 7 series, which allegedly details the various kinds of hacking tools the spy agency uses to surveil its targets. HighRise is the 16<sup>th data dump and comes just a week after WikiLeaks published its previous Vault 7 files, detailing the CIA's hacking tools targeting Windows and Linux systems.

Hacking