Researchers Discovered "Skygofree", Powerful Android Spyware
Security experts have uncovered one of the most powerful and highly sophisticated Android spyware tools that give hackers full authority over infected devices.Named Skygofree, the android spyware is designed for surveillance, and we believed it has been targeting a large number of Android users for the past four years.
In October 2017, according to a report published by Russain security firm Kaspersky Labs that they have found out a new android spyware with several new features previously unseen in the past.
The several new features include such as the ability to record audio surroundings via the microphone when an infected device is in a specified location, stealing of WhatsApp messages via Accessibility Services & the ability to connect infected devices to malicious Wi-Fi networks controlled by cybercriminals.
The Skygofree is distributed through fake web pages impersonate of leading mobile operators.the domains which are used to spread the Android implants has been registered by the hackers since 2015.The Android Italian Job 🇮🇹— Lukas Stefanko (@LukasStefanko) November 9, 2017
Android Spy Trojan steals sensitive info from victims
Spreads in #Italy 🇮🇹 as fake telecommunication company @Tre_It
Remotely controlled, capable of: install apps, upload files, uses accessibility, take pics, record audio, get sms/location, XMPP... pic.twitter.com/1dHSW1wGQ3
According to Kaspersky telemetry, 2015 was the year the distribution campaign was at its most active. The activities continue: the most recently observed domain was registered on October 31, 2017. Based on our KSN statistics, there are several infected individuals, exclusively in Italy.
According to the observed samples and their signatures, early versions of this Android malware were developed by the end of 2014 and the campaign has remained active ever since.
|Signature of one of the earliest versions — Image by Kaspersky Lab|
After manual launch, it shows a fake welcome notification to the user:
Dear Customer, we’re updating your configuration and it will be ready as soon as possible.
|Android Spy Trojan steals sensitive info from victims Spreads in Italy 🇮🇹 as fake telecommunication company Tri.It|
After a deep analysis of all discovered versions of Skygofree, Researchers at Kaspersky Labs made an approximate timeline of the implant’s evolution.
Kaspersky Lab experts also found a similar of Skygofree targeting Windows users, suggesting the authors' next area of interest is the Windows platform.