Kaspersky Lab says it has found an Android spying app called ‘Skygofree’
According to Kaspersky Lab, “At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild.
In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago – at the end of 2014.
Since then, the implant’s functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals.
We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015.
According to our telemetry, that was the year the distribution campaign was at its most active.
The activities continue: the most recently observed domain was registered on October 31, 2017.
Based on our KSN statistics, there are several infected individuals, exclusively in Italy.
Moreover, as we dived deeper into the investigation, we discovered several spyware tools for Windows that form an implant for exfiltrating sensitive data on a targeted machine.
The version we found was built at the beginning of 2017, and at the moment we are not sure whether this implant has been used in the wild.
We named the malware Skygofree, because we found the word in one of the domains.”
According to researchers, the Skygofree Android implant is “one of the most powerful spyware tools that we have ever seen for this platform.
As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, never-before-seen surveillance features such as recording surrounding audio in specified locations.
Given the many artifacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam.”
GOOG closed at $1121.76.