The majority of the servers were based in the United States, Kazakhstan, Ecuador, the UK and Canada. Kaspersky Lab principal researcher, Sergey Golovanov, said the presence of these servers in a given country didn't mean they were used by that particular country's law enforcement agencies.
"However, it makes sense for the users of RCS to deploy C&Cs in locations they control — where there are minimal risks of cross-border legal issues or server seizures."
Although it was already known that HackingTeam's mobile Trojans for iOS and Android existed, no organisation had previously identified them or noticed them being used in attacks, according to Kaspersky.
New variants of samples received from victims through Kaspersky Lab's cloud-based Security Network assisted with the investigation.