
Skygofree, Android malware with advanced spying capabilities

This malware, Skygofree, is one of the most powerful pieces of Android spyware ever created.

In 2017, a group of researchers found the most sophisticated espionage application targeting the Android operating system.

A new report highlights a growing niche among malware developers.

The researchers have revealed that the new Android app has every feature someone spying on others could want, including location-based recording.

Skygofree Android Spyware
Once installed, this Android snooper can do a lot of damage.

More specifically, on Tuesday (January 16, 2017) a new report published by Kaspersky revealed that Skygofree is probably an offensive security tool, sold by an IT company based in Italy that sells various surveillance wares.

The latest version of this application (with its spying capabilities) contains 48 commands. The malware has been under continuous development since it was created in 2014.

How does Skygofree Android spyware work?

Specifically, the application relies on a total of five different exploits to gain root privileges, which allow it to bypass the security measures of an Android device.

Features of Skygofree include taking pictures, recording videos, spying on text messages, recording conversations, and seizing calendar events, geolocation data and sensitive information stored in the infected device’s memory.

Android malware and spyware are common these days; does Skygofree have any never-before-seen capabilities?

Yes. Skygofree can record noise and conversations whenever an infected Android device enters a specific location, which the person operating the malware specifies.

Now, this is something which even the top spy apps like mSpy aren’t able to do.

Another never-before-seen capability of this Android spyware is its ability to spy on WhatsApp conversations by abusing the infected Android’s accessibility service, a feature that legitimately helps users with disabilities or those who are temporarily unable to interact fully with their device.

The next new feature that this spyware has is its ability to connect the infected Android to WiFi hotspots controlled by the attackers.

Are those all of the advanced features it has?

This new spyware also includes a reverse shell which ultimately gives the malware operators (attackers) better remote control over infected devices.

And that is still not everything: the malware also comes with some Windows components, including a mechanism for recording Skype conversations and a keylogger.

All in all, it won’t be wrong to say that Skygofree Android spyware is the most dangerous spyware tool to date. The malware is capable of spying on Android like nothing else before it!

According to Kaspersky Labs, the spyware possesses some exceptional capabilities due to its long-term continuous development.

In fact, the continuous development has allowed the spyware to offer exceptional capabilities that a user can expect in an ideal spy app.

Indeed, like anything else on the planet, the spyware in question is not perfect either.

It also leaves some traces.

But yeah, only the security experts like Kaspersky can find them.

Kaspersky examined the different versions of it and found multiple artifacts providing clues about the people who developed and maintained the code.

Who is Behind Skygofree?

The researchers found clues that the domain was registered by an Italian company known as Negg International.

As of now, Negg officials have not responded to emails asking them to comment for this post.

How is it being spread online?

The researchers said that hackers are spreading Skygofree via landing pages that mimic the sites of Vodafone and other mobile carriers.

The campaign has been ongoing since 2015, when the domains it uses were registered.

The data Kaspersky Labs found indicates that the malware has already infected many individuals in Italy.

What is the take here?

Skygofree is, in fact, a reminder for us all that the surveillance tools sold to police forces and governments, sometimes in countries with poor human rights records, remain a massive threat to people using a wide range of operating systems and devices.

But the good thing is, this malware won’t affect all Android devices. It needs to be installed in order to do any harm, which everyone can prevent with some caution.

Users should pay close attention to the addresses of the websites they visit and always look for HTTPS in the address bar. As for installing applications, users should install them only from the official store (Google Play, in the case of Android).

Ali Qamar