
Galileo RCS

Posted: July 15, 2015

Threat Metric

Threat Level: 9/10
Infected PCs: 5
First Seen: July 15, 2015
Last Seen: February 14, 2019
OS(es) Affected: Windows

The Galileo Malware (Galileo RCS, for Remote Control System) is a commercial spyware product used to monitor a computer and transfer information from it. It is developed and maintained by Hacking Team, a company known for its numerous government clients around the world, so PC users in virtually any region could be theoretical targets of a Galileo Malware campaign. In spite of its high news profile, you should be able to delete the Galileo Malware with the same anti-spyware strategies and software used to combat similar, high-level threats, such as Swort or Rombertik.

Charting the News Stars of Spyware

The Galileo Malware is one of the latest products made and rented out by Hacking Team, a company known for selling its spyware services to such high-profile entities as the US FBI and the Egyptian government. Although Hacking Team's services are years old, the July 2015 breach of the company by third-party hackers gave security companies access to new information about its products, including the Galileo Malware. As with the company's other products, the Galileo Malware's primary purpose is collecting information from an infected PC, with deployment carried out by the government customer that licensed it.

Although the Galileo Malware currently requires physical access to the PC in question for its installation, the theoretical exploitation of remote install strategies remains viable. The Galileo Malware installs itself with three separate modules that together give it its rootkit form: one provides a modified BIOS (firmware) image, one hooks that firmware code into the system boot sequence, and the last drops the threat's on-disk components (such as the scout.exe file) when the system starts. Because the persistence lives in firmware rather than on the disk, the Galileo Malware remains installed through multiple disk wipes and operating-system reinstalls: the dropper simply writes its components back after each reboot.

The Galileo Malware may monitor and upload data of types typical for spyware attacks that may include:

  • Your Web browsing history.
  • E-mail messages.
  • Instant messages.
  • Audio data, including voice messages and general microphone input.
  • Visual data, such as webcam captures.

Like most 'professional' spyware products, the Galileo Malware shows no visible symptoms of these information-transferring functions and keeps its processes and files out of obvious, easily inspected locations.

Turning the Galileo Malware into a Falling Star

The Galileo Malware is almost continuously active on an infected PC, although Hacking Team boasts that it doesn't hinder performance or cause other symptoms that would be readily detectable. Although Hacking Team claims to offer its products only to government branches, its history of concealing some of its clientele, and the exposure of its own poor security practices in the breach, may call that into question. Regardless, most PC users should react to a suspected Galileo Malware infection in the same way they would respond to any spyware infection: by using anti-spyware tools to delete it. One caveat applies: anti-spyware tools work at the operating-system level, so if the firmware module described above is present, the agent will be dropped again on the next boot. Removing that component means reflashing the firmware with a known-clean image from the hardware vendor, not merely deleting files from the disk.
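The following triage script is an added example for this page; it is not part of the original article and not Hacking Team's code. It records what a responder needs from a suspected host before deciding whether to reflash: the firmware vendor, version and date (to compare against the vendor's known-good image, since a firmware implant cannot be confirmed from inside the OS), the Secure Boot state, and any copies of the dropped scout.exe file named in the article, with hashes and signature status. It assumes Windows 8 or later (for Confirm-SecureBootUEFI), an elevated PowerShell session, and that the agent still carries the scout.exe file name; the name-based search is an assumed heuristic, so a clean result means "nothing found", not "host is clean".

```powershell
# Added triage script (not from the original article or Hacking Team's code).
# Run in an elevated PowerShell session on the suspect Windows host.
# Assumptions: Windows 8+ (Confirm-SecureBootUEFI exists); the dropped agent is
# still named scout.exe as described in the article. A renamed drop is missed.

$report = [ordered]@{}

# 1. Firmware identity, for comparison against the vendor's known-clean image.
#    This does not prove or disprove an implant; it captures what to compare.
$bios = Get-CimInstance -ClassName Win32_BIOS
$report.FirmwareVendor  = $bios.Manufacturer
$report.FirmwareVersion = $bios.SMBIOSBIOSVersion
$report.FirmwareDate    = $bios.ReleaseDate

# 2. Secure Boot state. Legacy-BIOS machines throw here; record that as well.
try {
    $report.SecureBoot = Confirm-SecureBootUEFI
} catch {
    $report.SecureBoot = "unsupported or legacy BIOS ($($_.Exception.Message))"
}

# 3. Hunt for the dropped component by name across the whole system drive.
#    A full sweep is slow but complete; a firmware-level dropper can write anywhere.
$root = $env:SystemDrive + '\'
$hits = Get-ChildItem -LiteralPath $root -Filter 'scout.exe' -Recurse -Force -File `
            -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            Size      = $_.Length
            CreatedUtc = $_.CreationTimeUtc
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature = $sig.Status      # NotSigned / HashMismatch / Valid ...
        }
    }
$report.ScoutExeHits = @($hits)

# 4. Is any hit currently running? (Processes hidden from the OS will not appear
#    here; this only catches an agent that is not hiding itself.)
$report.RunningFromHit = @(Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($report.ScoutExeHits.Path -contains $_.Path) } |
    Select-Object Id, ProcessName, Path)

[pscustomobject]$report | Format-List
$report.ScoutExeHits | Format-Table -AutoSize
```

Keep the printed firmware version and date with the case notes: if they do not match what the vendor ships for that model, or if a firmware dump taken with the vendor's flashing tool differs from the vendor image, the host needs a reflash before any on-disk cleanup is worth trusting.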

Deleting the Galileo Malware also should be followed by isolating any security holes that could have allowed its introduction into your machine originally. PC users should be especially cautious about sharing their machines with untrustworthy individuals, or plugging in USB devices of unknown origin (some of the most common methods of compromising difficult-to-access, high-profile systems).

At the time of this article's authorship, Hacking Team has regained control of its systems. However, the data taken in the breach and leaked, including source code, invoices, e-mails and client lists, remains in circulation on torrent networks.
