Document Leak - Range of new spyware developed by international vendors for the Chinese government

It was a nice Monday, wasn't it?

Github of the leak:

Infosec.exchange mastodon thread

In short:

The documentation contains a screenshot of the controller, titled Security System (V3.0.0.3)

  • A Mac version also exists, with features such as remote shell, file management, screenshot and keylogging.
  • An iOS version also… exists somehow, and they claim that this supports all iOS versions. Includes features such as gathering hardware information, GPS data, contacts, media files, and real-time audio recording. No jailbreak required.
  • Android version also exists, supporting Android 6.0 and above. Features include obtaining system information, GPS, contacts, SMS, call logs, browser history, app list, real-time audio recording, process list, camera, WiFi list, screenshot, keylogging, and system info.
  • A few interesting tidbits for the Android one
    • Ability to dump messages from QQ, WeChat, and MoMo - all popular Chinese IM apps (requires root)
    • Ability to keylog specifically QQ, WeChat, Momo AND Telegram.
    • Ability to elevate as system app for persistence (requires root)
  • Linux version also exists that specifically supports CentOS 5/6/7 & Ubuntu 12/14. Oddly old versions of these distros. Features include remote shell, file management, Socks5 proxy via SocksCap64, port reuse. Controller appears to be named “TracedStone”

This is the weirdest of them all - a WiFi-capable device that can inject into the targeted… Android devices via WiFi? The device is said to be portable, plug and play, supports 3G and 4G. After a successful injection, it can get device info, GPS, SMS, contacts, call log, files

Another one: “WiFi Near Field Attack System,” with a Standard and Mini edition. The standard version can be installed on a specifically crafted device and be used to infiltrate the internet network… somehow. It doesn’t explain.
The Mini version is said to be able to disguise as a power strip, power adapter etc. and can be set up to connect to target WiFi and establish a SOCKS tunnel with the internal network
The standard version comes with 4G ability, 8GB eMMC, dual core 1.2GHz ARM processor, 10000 mAh battery, whilst the mini version runs on MIPS with 128MB of DDR2(?) and does not contain a battery.
The standard version is disguised as a Xiaomi battery, whilst the mini version is just a plain PCB that can be inside anything.
The Standard edition can be used to crack WiFi passwords, LAN port sniffing, SOCKS tunnel, port projection, remote shell, file management, and remote detonation (self-destruct).

Next chapter, they also have a DDoS system. The botnet client is 29kb sized and can be deployed on to Windows, Linux, or generic IoT devices with the total throughput of 10~100Gbps (or GBps? not specified).

It goes on; open the first link for the analysis with images and screenshots.

Interesting stuff. I'm forwarding it to our Sec Team just to see how much they'll swear :asd:

Well, the Chinese government undoubtedly isn't the best, but there are many things we Westerners should learn from them. Are you taking notes?

Can you do a summary, mtt? :girl:

I started reading it between one meeting and the next and got to the second paragraph :asd: I've bookmarked it to read, it looks interesting.