Discovery of new snooping tool in Android devices
The lethal form of surveillance tools meant for Android spyware is something that comes uncovered. These kinds of spyware are equipped with features that are never seen before.
We are talking about something called Skygofree, which researchers say is a term that was used in one of the domains. This malware was designed for surveillance and it converts the mobile device to remote control. This enables the attacker to take full control of the situation, from recording the current location, taking away the communication, including your messages, and even connecting your devices to the other forbidden network.
Researchers at Kaspersky Lab say those behind spyware have been active since 2014 and are targeting select individuals — all in Italy. Those behind the mobile surveillance tool are also thought to be based in Italy.
A renowned security organization in a recent statement has said how this latest spyware has been around since 2014, and snooping on individuals through their mobile devices. It is suspected that these cybercrimanals are all based in Italy.
Alexey Firsh, a malware analyst “We discovered in the malware code and our analysis, we are confident that the Skygofree implants are an Italian IT company that offers surveillance solutions.”
The malware Skygofree offers attackers nearly 48 commands and they still send updates to devices, which allow them the flexibility to access all the services and information on the infected device. This includes eavesdropping users’ conversation and even not surrounding conversation.
The accessibility to steal WhatsApp messages is another unseen feature, which has the ability to connect to the infected device or to a WiFi network. The malware has the ability to access the privileges of root access and is also equipped with Trojan, spyware, which includes capturing pictures and videos, seizing call records and text messages. Even records user’s location via GPS and other sensitive information.
If the user has chosen to run battery-saving measures, Skygofree are able to add itself to the list of ‘protected apps’ in order to ensure it can carry on its malicious activity, even when the screen is off or the phone isn’t active.
Just in case if the user has chosen to run battery-saving measures, Skygofree will add itself to the list of protected apps, and hide itself from being detected. It can do this even when the phone is switched-off.
It is not clear what common factors have the Italian based criminals found when they target people outside Italy, nevertheless, researcher think that Android malware caught their devices when they happened to visit dubious website that looks exactly like the original mobile operator’s site. It is also not clear how the victims fall into this trap as they are lured into such website, and once they are asked to update the device configuration, the malware gets into action.
The Skygofree is still active it seems, after the reported attack last year in October. Interestingly, Skygofree have ensured they remain undetected till now.
“High-end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion,” said Firsh.
Well, it is proved that the people behind Skygofree are targeting Android, taking into account how it gives them the chance to track user’s movement and activities. In addition to this it seems they also love to crack Windows systems: researchers.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.