Security researchers have uncovered one of the most powerful and advanced Android spyware tools, which allows hackers to remotely control infected devices.
Dubbed Skygofree, the Android spyware is designed for targeted surveillance and has targeted a large number of users over the past four years.
Since 2014, the Skygofree implant has acquired many new features never seen before in the wild, according to a new report published by the Russian security company Kaspersky Lab.
The new features include location-based audio recording via the device's microphone, abuse of Android accessibility services to steal WhatsApp messages, and the ability to connect infected devices to attacker-controlled Wi-Fi networks.
Skygofree is distributed via fake web sites that mimic leading mobile network operators; most of these domains have been registered by the attackers since 2015, when the distribution campaign was most active, according to Kaspersky telemetry data.
An Italian IT company behind Skygofree Spyware?
The researchers at Kaspersky Lab believe that the hacker or group of hackers behind this mobile surveillance tool has been active since 2014 and is based in Italy, home of the notorious “Hacking Team”, one of the biggest players in the global spyware business.
“Considering the many artifacts we have discovered in the malware code and the analysis of the infrastructure, we are confident that the developer of the Skygofree implant is an Italian IT company working on surveillance solutions, just like HackingTeam,” the report said.
Kaspersky has discovered several Italian devices infected with Skygofree, which the company described as one of the most powerful and advanced mobile implants it has ever seen.
Although the security company has not confirmed the name of the Italian company behind this spyware, it found multiple references to the Rome-based technology company “Negg” in the spyware code. Negg also specialises in developing and marketing legal hacking tools.
Skygofree: powerful spyware tool for Android
Once installed, Skygofree hides its icon and starts background services to conceal its malicious activity from the user. It also includes a self-protection feature that prevents its services from being killed.
In October last year, Skygofree became a sophisticated multi-stage spyware tool that provides attackers with full remote control of the infected device, using a reverse shell payload and a command and control (C&C) server architecture.
According to the technical details released by the researchers, Skygofree includes several exploits to obtain root privileges, allowing it to run more sophisticated payloads on infected Android devices.
One of these payloads allows the spyware to execute shellcode and steal data belonging to other applications installed on the target device, including Facebook, WhatsApp, Line, and Viber.
“There are multiple, exceptional capabilities: the use of multiple exploits to gain root privileges, a complex payload structure, and surveillance features never seen before,” the researchers said.
Skygofree's command and control (C&C) server also allows attackers to remotely capture photos and videos, capture call records and SMS messages, and monitor the user's geolocation, calendar events, and information stored on the device.
Beyond that, Skygofree can also record audio via the microphone when the infected device enters a specific location, and can force the infected device to connect to compromised Wi-Fi networks controlled by the attacker, enabling man-in-the-middle attacks.
The spyware uses “the accessibility service of Android to get information directly from the elements displayed on the screen, then waits for the launch of the specific application and then scans all the nodes to find text messages,” Kaspersky said.
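Because the accessibility-service abuse described above only works once a service has been enabled in Android's settings, one practical triage step is to review which accessibility services are currently enabled on a device. The following is an added example, not code from Kaspersky or this article: the `enabled_accessibility_services` secure setting and its format are real, while the allowlist, the sample value and the package names are constructed for illustration.

```python
# Added defender-side example (not from the Kaspersky report or the article).
# Android stores enabled accessibility services in the secure setting
# `enabled_accessibility_services` as colon-separated flattened component
# names, e.g. "pkg/pkg.Service:pkg2/.Service2" (a leading "." means the class
# lives inside the package). The sample value and package names below are
# constructed for illustration; the setting name and its format are real.
from typing import List, Tuple

# Assumed allowlist: accessibility services an organisation expects to see
# on a managed device (hypothetical policy, adjust to your environment).
ALLOWLIST = {
    "com.google.android.marvin.talkback",
}

# Constructed sample, in the form that
# `adb shell settings get secure enabled_accessibility_services` prints.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.suspect/.NodeScannerService"
)


def parse_enabled_services(raw: str) -> List[Tuple[str, str]]:
    """Return (package, fully-qualified class) pairs from the raw setting."""
    raw = raw.strip()
    if raw in ("", "null"):          # `settings get` prints "null" when unset
        return []
    services = []
    for entry in raw.split(":"):
        if "/" not in entry:         # tolerate malformed fragments
            continue
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):      # expand the short component form
            cls = pkg + cls
        services.append((pkg, cls))
    return services


def flag_unexpected_services(raw: str, allowlist=ALLOWLIST) -> List[Tuple[str, str]]:
    """List enabled accessibility services whose package is not allowlisted."""
    return [(p, c) for p, c in parse_enabled_services(raw) if p not in allowlist]


if __name__ == "__main__":
    for pkg, cls in flag_unexpected_services(SAMPLE_SETTING):
        print(f"unexpected accessibility service: {pkg} ({cls})")
```

An unexpected entry is a lead for further investigation (which app owns the package, when it was installed, which apps it watches), not proof of infection by itself.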
Kaspersky researchers also found a variant of Skygofree targeting Windows users, suggesting that the authors' next area of interest is the Windows platform.
The best way to avoid becoming a victim is to avoid downloading applications from third-party websites or app stores, or via links provided in text messages or e-mails.