Datacom TSS is a Canberra-based, national security firm founded by ex Australian government security specialists. These guys specialise in dealing with highly skilled adversaries. One of their services is running some pretty intense Red Team exercises.
The team at Datacom TSS recnetly ported its Red Team Trojan over to the Android platform, and it's surprisingly easy to trick people into installing it. You just email it to them and ask them to install the APK package.
And what you get once you're on someone's phone is quite awesome. Not only can you turn on the microphone and snoop on boardroom conversations, but you can use the 3G or LTE connection on the device to do your exfiltration. That way you're completely bypassing the heavily watched gateway. You can also use it to bypass SMS-based authentication.
Mark Brand is the Datacom TSS guy who did the Android port. He joined me by phone to tell us all about it.
