This multistage malware is meant for surveillance, and reportedly enables attackers to carry out advanced snooping on Android, such as location-based audio recording, WhatsApp message theft, and connecting an infected device to Wi-Fi networks controlled by cybercriminals.
In a blog post on Securelist, Kaspersky has listed Skygofree’s commands, indicators of compromise, domain addresses, as well as the device models targeted by the implant’s exploit modules.
The new malware was named ‘Skygofree’ as the word was used in one of its domains. The funny part is that the attackers have been active since 2014 and have been targeting select individuals, all from Italy. The malicious app spreads via webpages that look like those of network providers like Vodafone. From these pages, victims get tricked into installing the malicious APK. Skygofree also includes other advanced features, including a reverse shell that gives malware operators better remote control of infected devices.
“The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory,” the firm adds. Skygofree has apparently been programmed to get added to the list of “protected apps”, which means that it is not switched off when the display is off.
Kaspersky says Skygofree has undergone continuous development since the first version was created at the end of 2014, and there are as many as 48 different commands in the latest version. Kaspersky Lab researchers wrote, “As a result of the long-term development process, there are multiple, exceptional capabilities.” It also found a number of recently developed modules specifically targeting Microsoft Windows, providing the attackers with a reverse shell, keyloggers, and recording of Skype conversations.
The malware has been in existence for a complete 4 years now. I am speechless because many must have been attacked without their knowledge, while some will be blaming other people without knowing that the rat is within their phone. God help us from this malware is all I pray. Also note what you download and what you give permission to before you cry out loud.