Security firm Kaspersky has uncovered a new Android spyware tool that’s being described as one of the most powerful and advanced forms of mobile malware ever. Named after one of the domains where it was first identified, Skygofree can perform a number of malicious activities, including recording audio and reading WhatsApp messages.
While Kaspersky discovered Skygofree in late 2017, it’s been around and evolving since 2014. What makes the spyware particularly insidious is the way it’s distributed through fake sites designed to look like those from mobile carriers. The tool is advertised as a piece of software designed to increase the internet speeds of anyone who downloads it.
It appears that those behind Skygofree and the people it targets are all based in Italy. "Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions," said Kaspersky Lab’s Alexey Firsh.
References to Rome-based technology company Negg were found in Skygofree’s code. According to Forbes, archived versions of the small company’s website show it provides cybersecurity and app development services. It also offers forensic capabilities and has worked with authorities and prosecutors in Italy.
"One of the most advanced mobile threats found: #Skygofree. Capable of taking pictures & video, seizing call records, SMS, geolocation, calendar events & business-related information. Read the full story over at @Securelist https://t.co/RAlNIYw5ab" (Kaspersky Lab, @kaspersky, January 17, 2018)
Some of Skygofree’s capabilities include tracking the location of an infected device and switching on a microphone to record audio when a person enters a certain place.
The spyware is also able to connect an infected device to Wi-Fi networks controlled by the hackers, even when the user has disabled Wi-Fi on the device. This could compromise passwords, allow the collection of personal information, and more. Additionally, it can read victims' private WhatsApp messages by abusing Accessibility Services, an Android feature intended for users with visual or hearing impairments. Finally, it can intercept user data like SMS messages and calendar events, as well as turn on the front-facing camera to take a picture when a user unlocks their device.
Only a few infections have been discovered, and all of them were in Italy. But Android users everywhere are still advised to stick with downloading apps from official stores and be wary of suspicious websites and links.