Security analysts have disclosed a standout amongst the most effective and very propelled Android spyware instruments that give programmers full control of infected android gadgets remotely.
Named Skygofree, the Android spyware has been intended for focused observation, and it is accepted to have been focusing on countless for as far back as four years.
Since 2014, the Skygofree embed has increased a few novel highlights already inconspicuous in the wild, as indicated by another report distributed by Russian cybersecurity firm Kaspersky Labs.
The ‘remarkable new features’ include location-based audio recording using device’s microphone, the use of Android Accessibility Services to steal WhatsApp messages, and the ability to connect infected devices to malicious Wi-Fi networks controlled by attackers.
Skygofree is being dispersed through phony site pages impersonating real system administrators, a large portion of which had been enlisted by the assailants since 2015—the year when the conveyance battle was most dynamic, as per Kaspersky’s telemetry information.
Italian IT Company Behind Skygofree Spyware?
Researchers at Kaspersky Lab believe the hacker or hacking group behind this mobile surveillance tool has been active since 2014 and are based in Italy—the home for the infamous ‘Hacking Team’—one of the world’s bigger players in spyware trading.
“Given the many artefacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam,” said the report.
Kaspersky found several Italian devices infected with Skygofree, which the firm described as one of the most powerful, advanced mobile implants it has ever seen.
Although the security firm has not confirmed the name of the Italian company behind this spyware, it found multiple references to Rome-based technology company “Negg” in the spyware’s code. Negg is also specialised in developing and trading legal hacking tools.
Skygofree: Android Spyware Tool
Once installed, Skygofree hides its icon and starts background services to conceal further actions from the user. It also includes a self-protection feature, preventing services from being killed.
As of October last year, Skygofree became a sophisticated multi-stage spyware tool that gives attackers full remote control of the infected device using a reverse shell payload and a command and control (C&C) server architecture.
According to the technical details published by researchers, Skygofree includes multiple exploits to escalate privileges for root access, granting it ability to execute most sophisticated payloads on the infected Android devices.
One such payload allows the implant to execute shellcode and steal data belonging to other applications installed on the targeted devices, including Facebook, WhatsApp, Line, and Viber.
“There are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, [and] never-before-seen surveillance features,” the researchers said.
Skygofree’s control (C&C) server also allows attackers to capture pictures and videos remotely, seize call records and SMS, as well as monitor the users’ geolocation, calendar events and any information stored in the device’s memory.
Besides this, Skygofree also can record audio via the microphone when the infected device was in a specified location and the ability to force the infected device to connect to compromised Wi-Fi networks controlled by the attacker, enabling man-in-the-middle attacks.
The spyware uses “the Android Accessibility Service to get information directly from the displayed elements on the screen, so it waits for the targeted application to be launched and then parses all nodes to find text messages,” Kaspersky said.
Kaspersky researchers also found a variant of Skygofree targeting Windows users, suggesting the authors’ next area of interest is the Windows platform.
The best way to prevent yourself from being a victim is to avoid downloading apps via third-party websites, app stores or links provided in SMS messages or emails.