Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools, which gives hackers full remote control of infected devices.
Dubbed Skygofree, the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large number of users for the past four years.
Since 2014, the Skygofree implant has gained several novel features previously unseen in the wild, according to a new report published by Russian cybersecurity firm Kaspersky Lab.
The ‘remarkable new features’ include location-based audio recording using the device’s microphone, the use of Android Accessibility Services to steal WhatsApp messages, and the ability to connect infected devices to malicious Wi-Fi networks controlled by attackers.
Skygofree is being distributed through fake web pages mimicking leading mobile network operators, most of which have been registered by the attackers since 2015—the year when the distribution campaign was most active, according to Kaspersky’s telemetry data.
Italian IT Firm Behind Skygofree Spyware?
Researchers at Kaspersky Lab believe the hacker or hacking group behind this mobile surveillance tool has been active since 2014 and is based in Italy—the home of the infamous ‘Hacking Team’—one of the world’s bigger players in spyware trading.
“Given the many artifacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam,” said the report.
Kaspersky found several Italian devices infected with Skygofree, which the firm described as among the most powerful, advanced mobile implants it has ever seen.
Although the security firm has not confirmed the name of the Italian company behind this spyware, it found multiple references to Rome-based technology company “Negg” in the spyware’s code. Negg also specialises in developing and trading legal hacking tools.
Skygofree: Powerful Android Spyware Tool
Once installed, Skygofree hides its icon and starts background services to conceal further actions from the user. It also includes a self-protection feature that prevents its services from being killed.
As of October last year, Skygofree became a sophisticated multi-stage spyware tool that gives attackers full remote control of the infected device using a reverse shell payload and a command and control (C&C) server architecture.
According to the technical details published by researchers, Skygofree includes multiple exploits to escalate privileges for root access, granting it the ability to execute most sophisticated payloads on the infected Android devices.
One such payload allows the implant to execute shellcode and steal data belonging to other applications installed on the targeted devices, including Facebook, WhatsApp, Line, and Viber.
“There are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, [and] never-before-seen surveillance features,” the researchers said.
Skygofree’s control (C&C) server also allows attackers to capture pictures and videos remotely, seize call records and SMS, and monitor the users’ geolocation, calendar events and any information stored in the device’s memory.
Besides this, Skygofree can also record audio via the microphone when the infected device is in a specified location, and it can force the infected device to connect to compromised Wi-Fi networks controlled by the attacker, enabling man-in-the-middle attacks.
The spyware uses “the Android Accessibility Service to get information directly from the displayed elements on the screen, so it waits for the targeted application to be launched and then parses all nodes to find text messages,” Kaspersky said.
Kaspersky researchers also found a variant of Skygofree targeting Windows users, suggesting the authors’ next area of interest is the Windows platform.
The best way to protect yourself from becoming a victim is to avoid downloading apps via third-party websites, app stores or links provided in SMS messages or emails.