Researchers Discovered "Skygofree", Powerful Android Spyware

SkyGoFree — Android Spyware

Security experts have uncovered one of the most powerful and sophisticated Android spyware tools, which gives hackers full control over infected devices.

Named Skygofree, the Android spyware is designed for surveillance, and it is believed to have been targeting a large number of Android users for the past four years.

In October 2017, according to a report published by Russian security firm Kaspersky Lab, researchers found a new Android spyware with several features not seen before.

The new features include the ability to record surrounding audio via the microphone when an infected device is in a specified location, the theft of WhatsApp messages via Accessibility Services, and the ability to connect infected devices to malicious Wi-Fi networks controlled by cybercriminals.

Skygofree is distributed through fake web pages that impersonate leading mobile operators. The domains used to spread the Android implant have been registered by the hackers since 2015.

According to Kaspersky telemetry, 2015 was the year the distribution campaign was at its most active. The activities continue: the most recently observed domain was registered on October 31, 2017. Based on our KSN statistics, there are several infected individuals, exclusively in Italy.
According to the observed samples and their signatures, early versions of this Android malware were developed by the end of 2014 and the campaign has remained active ever since.
Figure: Signature of one of the earliest versions of Skygofree (image by Kaspersky Lab)
The implant can exfiltrate a wide range of data, such as call records, text messages, geolocation, surrounding audio, calendar events, and other information stored in the device's memory.

After manual launch, it shows a fake welcome notification to the user:
Dear Customer, we’re updating your configuration and it will be ready as soon as possible.
Android Spy Trojan steals sensitive info from victims Spreads in Italy 🇮🇹  as fake telecommunication company Tre.It
At the same time, it hides its icon and starts background services to conceal further actions from the user.

Figure: Skygofree Android malware background services

After a deep analysis of all discovered versions of Skygofree, researchers at Kaspersky Lab made an approximate timeline of the implant’s evolution.

Kaspersky Lab experts also found a similar version of Skygofree targeting Windows users, suggesting the authors' next area of interest is the Windows platform.

The best way to avoid becoming a victim is to not download apps via third-party websites, app stores or links provided in SMS messages or emails. Stay Safe :)