A new Android malware strain dubbed Skygofree is said to have never-before-seen spying capabilities. Other sophisticated espionage apps written for Android surfaced as recently as last year. Just like in the movies, this is as real as it gets. Espionage malware development is a fast-growing arms race over who remains supreme. It has now evolved to a level that includes location-based audio recording and a lot more.
A report published by antivirus provider Kaspersky a few days ago states that Skygofree is probably an offensive security product sold by an Italy-based IT company that markets surveillance software. With a total of 48 commands in its latest version, it has grown a lot smarter since it began in 2014. The malware has been using five separate exploits to try to gain the root access that would let it bypass the security measures implemented by Android.
Skygofree can take pictures, capture video, and seize call records, SMS, geolocation information, calendars, business-related info, and much more.
Art imitates life and vice versa. We have seen in the movies how spies can record conversations. It is real in this case. The malware can be configured to start recording at a specific location set by the person operating it. Messages in apps like WhatsApp can also be compromised. Even the WiFi can be controlled to connect to networks which the attacker points to.
Believe it or not, Skygofree has advanced features. It includes a reverse shell that gives malware operators better remote control of infected devices. What will they think of next? A keylogger and a mechanism for recording Skype conversations are also available.
Another piece of malware, named Pegasus, was discovered in August 2016 and was used to infect iPhones of some users in the UAE for political reasons. It is also a full-featured espionage platform, developed by Israel-based NSO Group. Its features include screenshot capture, live audio and video capture, keylogging, remote control via SMS, and data exfiltration from apps.
As per Kaspersky Labs, “The Skygofree Android implant is one of the most powerful spyware tools that we have ever seen for this platform,” and it has also said that “As a result of the long-term development process, there are multiple, exceptional capabilities.” The three years of constant evolution have allowed Skygofree to offer novel capabilities and at the same time remain covert.
The code contained in this malware is effective but not perfect. Malware researchers have compared various versions and analyzed them to figure out who may have developed and maintained it.
Traces include the domain name h3g.co, which was registered by Italian IT firm Negg International. The malware may be filling a void left after the epic hack in 2015 of Hacking Team, another Italy-based developer of spyware.
Kaspersky Labs researchers said the malware is spread through Web landing pages that mimic the sites of Vodafone and other mobile operators. The domains used have been registered since 2015, and the campaign remains ongoing. Kaspersky Labs said that data it found indicated several people in Italy have been infected.
This software is basically implanted on devices that are possibly sold to government and police forces or any specific target. Users who might be valuable targets, such as politicians and people who work for the government and other agencies, should pay close attention to the web addresses they visit and take the utmost precaution when installing software.