Connect with us

Hi, what are you looking for?


Endpoint Security

Code of App Security Tool Posted to GitHub

Code of DexGuard, software designed to secure Android applications and software development kits (SDKs), was removed from GitHub last week, after being illegally posted on the platform.

Code of DexGuard, software designed to secure Android applications and software development kits (SDKs), was removed from GitHub last week, after being illegally posted on the platform.

The tool is developed by Guardsquare, a company that specializes in hardening Android and iOS applications against both on-device and off-device attacks, and is designed to protect Android applications and SDKs against reverse engineering and hacking.

The DexGuard software is built on top of ProGuard, a popular optimizer for Java and Android that Guardsquare distributes under the terms of the GNU General Public License (GPL), version 2. Unlike ProGuard, however, DexGuard is being distributed under a commercial license.

In the DMCA takedown notice published on GitHub, Guardsquare reveals that the DexGuard code posted on the Microsoft-owned code platform was illegally obtained from one of their customers.

“The listed folders (see below) contain an older version of our commercial obfuscation software (DexGuard) for Android applications. The folder is part of a larger code base that was stolen from one of our former customers,” the notice reads.

The leaked code was quickly removed from the open-source hosting platform, but it did not take long for it to appear on other repositories as well. In fact, Guardsquare said it discovered nearly 200 forks of the infringing repository and that demanded all be taken down.  

HackedTeam, the account that first published the stolen code, also maintains repositories of open-source malware suite RCSAndroid (Remote Control System Android).

Advertisement. Scroll to continue reading.

The spyware was attributed several years ago to the Italy-based Hacking Team, a company engaged in the development and distribution of surveillance technology to governments worldwide. Earlier this year, Intezer discovered a new backdoor based on the RCS surveillance tool.

Related: New Backdoor Based on HackingTeam’s Surveillance Tool

Related: New Hacking Team Spyware Samples Detected: ESET

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

The Zero Day Dilemma

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...