A New Cyber Security Threat for Android Users: Skygofree

Security researchers have discovered one of the most dangerous pieces of Android spyware, which enables hackers to infect and control devices remotely. Known as Skygofree, it is the most advanced spyware toolkit, with the ability to:

    • access and read WhatsApp messages
    • record audio and videos
    • steal data from device memory
    • connect to users’ Wi-Fi
    • pinpoint the infected device’s location

What is Skygofree? Kaspersky Lab says that it is malware full of malicious functions. Although it’s suspected that this Trojan was created at the end of 2014, Skygofree has developed since then, and it’s believed to have been targeting a lot of users in the past four years. But it wasn’t until the beginning of October 2017 that the researchers discovered this new Android spyware with never-before-seen features.

“For example, it can track the location of a device it is installed on and turn on audio recording when the owner is in a certain place. In practice, this means that attackers can start listening in on victims when, say, they enter the office or visit the CEO’s home,” states the Kaspersky Lab blog.

In addition, Skygofree can connect an infected device to a Wi-Fi network and give hackers full control over a smartphone or tablet, even if the user has turned Wi-Fi off. This means that hackers are able to uncover all the visited sites, logins, passwords and credit card information of the victim.

Also, some versions of this malware are capable of bypassing the battery power saver processes by placing themselves on the list of favorite apps that keep working in the background once the screen is turned off. This ability works exclusively on Huawei devices, which led researchers to believe that the people behind this malware focused on learning the inner workings of Huawei phones in order to bypass their security.

The total Skygofree package is able to perform 48 commands remotely, including reading WhatsApp messages, stealing information from the user’s device memory, recording videos, taking pictures, reading the location status, and more.

Skygofree circulates online through fake websites that mimic popular mobile network providers, which the attackers registered in 2015, when the distribution campaign reached the highest activity peak. So far, Kaspersky Lab researchers think the hacker or hacker group responsible for this professional surveillance kit is based in Italy.

“Given the many artifacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam,” the Kaspersky research report states.

Although this statement has not yet been confirmed, the spyware code contains many references to “Negg”, a company in Rome that specializes in developing legal tools for hacking. In addition, all roads lead to Italy, since Skygofree has only been found on Italian web pages.

However, this doesn’t mean that Android users across the globe don’t have a reason to be concerned. None of them are safe while one of the most advanced malicious mobile implants is on the loose. Skygofree also monitors highly active social media platforms such as Facebook Messenger, Viber, Skype, and WhatsApp.

Since it reads WhatsApp messages via the Android Accessibility Service, it can easily gain access to the device through the kind of permission requests we are already accustomed to. And that’s not all: the Trojan can also intercept calls, calendar entries, SMS messages, and more.

So what can you do to stay out of Skygofree’s reach? First of all, make sure you have a reliable antivirus for better device safety, such as the Kaspersky Mobile Antivirus. Secondly, never open or download apps from third-party sources. In fact, it’s recommended that you disable installation from third-party sources in your mobile settings and always download from verified and official sources like Google Play and the App Store.

If you are in doubt, don’t press the “download” button. Avoid apps with misspelled names and any app requests that sound suspicious. Also, don’t forget to apply antivirus protection to all devices, including those you use at work. Don’t let yourself fall for the bait – always verify the site’s authenticity and never click on links provided in SMS messages or emails.
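
For readers who manage Android devices, the two conditions discussed above can be checked over adb: an Accessibility Service enabled by an unfamiliar app, and installation from third-party sources left switched on. This is an added example, not part of the original article; the allowlist and the sample package `com.example.updater` used to exercise it are constructed. The `install_non_market_apps` value is only meaningful on Android 7 and earlier, because later versions grant this permission per app.

```shell
#!/bin/sh
# Added example (not from the article): audit the two device settings the
# article's advice touches on. ALLOWED_A11Y is a hypothetical allowlist of
# packages you expect to see; edit it to match your own devices.
ALLOWED_A11Y="com.google.android.marvin.talkback"

# Print enabled accessibility services whose package is not allowlisted.
# $1: output of `settings get secure enabled_accessibility_services`, a
#     colon-separated list of package/ServiceClass entries ("null" if none).
unexpected_a11y() {
  case "$1" in ''|null) return 0 ;; esac
  printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r entry; do
    [ -n "$entry" ] || continue
    pkg=${entry%%/*}
    case " $ALLOWED_A11Y " in
      *" $pkg "*) ;;                   # expected service, stay quiet
      *) printf '%s\n' "$entry" ;;     # report for manual review
    esac
  done
}

# Map `settings get secure install_non_market_apps` to a readable state.
unknown_sources_state() {
  case "$1" in
    1) echo enabled ;;
    0) echo disabled ;;
    *) echo unknown ;;                 # anything else, for example "null"
  esac
}

# Query a USB-connected device; requires adb and USB debugging.
audit_device() {
  a11y=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
  src=$(adb shell settings get secure install_non_market_apps | tr -d '\r')
  echo "Install from unknown sources: $(unknown_sources_state "$src")"
  echo "Accessibility services outside the allowlist:"
  unexpected_a11y "$a11y"
}

# Only touch a device when asked to, so the functions can be tested offline.
case "${1:-}" in --device) audit_device ;; esac
```

Run it with `--device` while the phone is connected. Any service it lists deserves a look in Settings before you decide whether the app behind it should keep that access.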