Powerful Android Spyware “Skygofree” Discovered
Security analysts have disclosed a standout amongst the most effective and very propelled Android spyware instruments that give programmers full control of infected android gadgets remotely.
Named Skygofree, the Android spyware has been intended for focused observation, and it is accepted to have been focusing on countless for as far back as four years.
Since 2014, the Skygofree embed has increased a few novel highlights already inconspicuous in the wild, as indicated by another report distributed by Russian cybersecurity firm Kaspersky Labs.
The ‘remarkable new features’ include location-based audio recording using device’s microphone, the use of Android Accessibility Services to steal WhatsApp messages, and the ability to connect infected devices to malicious Wi-Fi networks controlled by attackers.
Skygofree is being dispersed through phony site pages impersonating real system administrators, a large portion of which had been enlisted by the assailants since 2015—the year when the conveyance battle was most dynamic, as per Kaspersky’s telemetry information.
Italian IT Company Behind Skygofree Spyware?
Researchers at Kaspersky Lab believe the hacker or hacking group behind this mobile surveillance tool has been active since 2014 and are based in Italy—the home for the infamous ‘Hacking Team’—one of the world’s bigger players in spyware trading.
“Given the many artefacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam,” said the report.
Kaspersky found several Italian devices infected with Skygofree, which the firm described as one of the most powerful, advanced mobile implants it has ever seen.
Although the security firm has not confirmed the name of the Italian company behind this spyware, it found multiple references to Rome-based technology company “Negg” in the spyware’s code. Negg is also specialised in developing and trading legal hacking tools.
Skygofree: Android Spyware Tool
Once installed, Skygofree hides its icon and starts background services to conceal further actions from the user. It also includes a self-protection feature, preventing services from being killed.
As of October last year, Skygofree became a sophisticated multi-stage spyware tool that gives attackers full remote control of the infected device using a reverse shell payload and a command and control (C&C) server architecture.
According to the technical details published by researchers, Skygofree includes multiple exploits to escalate privileges for root access, granting it ability to execute most sophisticated payloads on the infected Android devices.
One such payload allows the implant to execute shellcode and steal data belonging to other applications installed on the targeted devices, including Facebook, WhatsApp, Line, and Viber.
“There are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, [and] never-before-seen surveillance features,” the researchers said.
Skygofree’s control (C&C) server also allows attackers to capture pictures and videos remotely, seize call records and SMS, as well as monitor the users’ geolocation, calendar events and any information stored in the device’s memory.
Besides this, Skygofree also can record audio via the microphone when the infected device was in a specified location and the ability to force the infected device to connect to compromised Wi-Fi networks controlled by the attacker, enabling man-in-the-middle attacks.
The spyware uses “the Android Accessibility Service to get information directly from the displayed elements on the screen, so it waits for the targeted application to be launched and then parses all nodes to find text messages,” Kaspersky said.
Kaspersky researchers also found a variant of Skygofree targeting Windows users, suggesting the authors’ next area of interest is the Windows platform.
The best way to prevent yourself from being a victim is to avoid downloading apps via third-party websites, app stores or links provided in SMS messages or emails.
Now your take on this argument.
We would also like to hear what you feel about the topic we discussed today. Your feedback is very important to us. Feel free to drop your comments and recommendations. If you have a contrary opinion, you can drop that too.
You can also join our Facebook Page CRMNigeria for more updates. You can do that by clicking on the link or searching for our page on Facebook.
You need to confirm your subscription by clicking on the link sent to you. You can check the spam folder for it. Add us to your mailing list to receive directly from us.
PS: Click on the link below to sign up for my Online E-Course CRM Training. Make sure you confirm your subscription by clicking on the link sent to you. Thanks.
Adeniyi Salau PMP , CCNA R&S , CDMP, CEP, MOS, MCP, CSCU (Project 2016), Microsoft Certified Security and Networking Associate is a Google and Beingcert Certified Digital Marketer, Project Manager and SEO Expert of repute with about a decade of Blogging and online marketing experience. He is always ready to share his experience with others.