January 16, 2018 by

Security Researchers Uncover ‘World’s Most Powerful Android Spyware’

Security researchers at Kaspersky have uncovered a new form of Android spyware with capabilities that makes it among the most advanced targeted surveillance tools ever seen on mobile devices.

Dubbed ‘Skygofree’ after a string found in one of its domain names, the multistage malware gives attackers full remote control of the compromised device, allowing them to steal communications from encrypted applications like WhatsApp, record surrounding audio when the device enters a specified location, and connect compromised devices to networks controlled by the malware’s operators.

“The Skygofree Android implant is one of the most powerful spyware tools that we have ever seen for this platform,” researchers wrote damningly. “As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, never-before-seen surveillance features such as recording surrounding audio in specified locations.”

Skygofree allows attackers to trigger 48 different commands, giving them access to a wide range of services and information on the infected device. Equipped with root privileges, the malware can also capture videos and photos, read text messages and call records, and monitor the user’s location via GPS. It can also access any information stored on the device, including calendar entries.

Unlike most spyware tools, this particular variant executes a payload almost exclusively targeting WhatsApp, the world’s most popular instant messaging mobile application. “The payload uses the Android Accessibility Service to get information directly from the displayed elements on the screen,” researchers revealed. As a result, it merely has to wait for WhatsApp to launch before parsing all nodes to find text messages shown on the display.
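Because the WhatsApp payload described above works through the Android Accessibility Service, a responder triaging a suspect device will want to know which packages currently hold accessibility access. The following script is an added example, not code from the article or from Kaspersky: it parses the colon-separated value that `adb shell settings get secure enabled_accessibility_services` returns and flags any entry whose package is not on an allowlist; the allowlist contents and the sample value are constructed for illustration.

```bash
#!/usr/bin/env bash
# Triage helper (added example): list enabled Android accessibility services and
# flag any whose package is not on an allowlist. On a live device the raw value
# comes from:
#   adb shell settings get secure enabled_accessibility_services
# which returns a colon-separated list of "package/ServiceClass" entries
# (or the literal string "null" when no service is enabled).

# Packages expected to hold accessibility access (example allowlist; TalkBack is
# Android's stock screen reader, adjust for the fleet being examined).
ALLOWED_PACKAGES="com.google.android.marvin.talkback"

# Print every entry whose package is not allowlisted, one per line.
# $1: raw enabled_accessibility_services value; $2: space-separated allowlist
flag_unexpected_a11y() {
    local raw="$1" allow=" $2 " entry pkg
    [ "$raw" = "null" ] && return 0           # nothing enabled on the device
    local IFS=':'                              # entries are colon-separated
    for entry in $raw; do
        [ -z "$entry" ] && continue
        pkg="${entry%%/*}"                     # keep the package, drop "/ServiceClass"
        case "$allow" in
            *" $pkg "*) ;;                     # expected package, ignore
            *) printf '%s\n' "$entry" ;;       # unexpected: report for review
        esac
    done
}

# Constructed sample value (not a real capture): TalkBack plus an unknown
# service that has been granted the ability to read on-screen content.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.unknown/com.example.unknown.ScreenReader'

if [ "${1:-}" = "--live" ]; then
    RAW="$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
else
    RAW="$SAMPLE"
fi
flag_unexpected_a11y "$RAW" "$ALLOWED_PACKAGES"
```

Run with `--live` against a connected device to check the real setting; without it, the script exercises the constructed sample and reports the unknown service.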

Without directly blaming the operators of the malware, Kaspersky researchers pointed to links with Italian software vendor Negg, a firm that, like Hacking Team, specializes in hacking tools.

“Given the many artifacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam,” researchers said.

Image credit: Pexels.

About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
