Beware of powerful Android spyware Skygofree

There have been so many spy movies and rumours of covert surveillance that some people have become paranoid about their privacy. Unfortunately for the world, it’s now become even more true with the discovery of Skygofree, a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device.

According to researchers at Kaspersky Lab, this advanced mobile implant has been active since 2014 and is specifically designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product. It includes functionality never seen in the wild before, such as location-based audio recording through infected devices.

The spyware is spread through web pages mimicking leading mobile network operators.

Since creation in 2014, Skygofree has undergone continuous development and can now eavesdrop on surrounding conversations and noise when an infected device enters a specified location. Other advanced, unseen features include using Accessibility Services to steal WhatsApp messages and the ability to connect an infected device to Wi-Fi networks controlled by the attackers.

The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory.

Even worse news is that it can protect itself from getting turned off by battery-saving techniques – it cleverly adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.

“High end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion. Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,”  said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab.

To protect your mobile device:

  • Implement a reliable security solution
  • Exercise caution when receiving emails from those you don’t know
  • Be cautious of unexpected requests or attachments
  • Always double-check the integrity and origin of websites before clicking on links

Further a list of Skygofree’s commands, indicators of compromise, domain addresses and the device models targeted by the implant’s exploit modules, click here 

Leave a Reply

Your email address will not be published. Required fields are marked *