Skygofree: Here’s the Most Sophisticated Android Malware Ever


Malware and Android: Name a more iconic duo. 

In all seriousness though, the latest report published by Kaspersky Lab is quite scary. Security researchers from the firm have discovered new Android malware which they call the most sophisticated spyware ever created. Codenamed Skygofree, it is capable of location-based audio recording and several other hacks that haven’t been observed in previous Android malware.

The researchers believe Skygofree is an offensive security product developed by an Italian IT company and has been in development since late 2014. The malware features 48 different modules, and relies on five unique exploits to gain root access on the infected device. It is capable of taking pictures, capturing video, copying call records, text messages including WhatsApp and other IM apps, geolocation data, calendar events, and business-related information stored in the device’s internal storage.

Additionally, Skygofree also has the ability to automatically record conversations when the infected device enters a location specified by the attacker.

Another unique feature found in the malware is its ability to access WhatsApp messages by exploiting the Android Accessibility Service. The spyware can also connect infected devices to WiFi networks controlled by attackers.

More advanced features found in the spyware include a reverse shell that allows the attacker to gain remote access to infected devices. A variety of Windows components can also be found in the malware that provide a reverse shell, a keylogger, and a way to record Skype conversations, possibly for infecting machines that compromised devices are connected to.

The report adds:

“The Skygofree Android implant is one of the most powerful spyware tools that we have ever seen for this platform…As a result of the long-term development process, there are multiple, exceptional capabilities.”

The malware is spread through web landing pages that mimic websites of popular network service providers like Vodafone. The domains used to spread the malware have been registered since 2015, with the latest domain added early last year.

Data discovered by Kaspersky Lab suggests that several individuals in Italy have been infected, with no instances found anywhere else in the world. However, the group advises users to keep their software up to date and limit their visits to fishy sites and domains.
