UPDATED 17:09 EDT / JANUARY 16 2018

Android malware ‘Skygofree’ has unprecedented spying abilities

Be careful what you say around your smartphone—you never know who might be listening.

Russian antivirus provider Kaspersky Lab revealed in a report today that it uncovered a new type of spyware for Android that demonstrates “never-before-seen surveillance features.” Kaspersky said the spyware, which it named “Skygofree” after a word found on one of its domains, appears to have been in development since the end of 2014.

Since then, Skygofree has gained several troubling surveillance capabilities. For example, the spyware can record audio when an infected device enters a specific location. It can also steal WhatsApp messages via Android’s Accessibility Services, and it can force a device to join a compromised Wi-Fi network.

“The Skygofree Android implant is one of the most powerful spyware tools that we have ever seen for this platform,” Kaspersky said in its report.

Skygofree seems to have been distributed through landing pages designed to mimic official websites for mobile carriers. Although these domains are outdated, Kaspersky said all but one are still accessible. The distribution of Skygofree peaked in 2015, the company added, but the spyware’s most recent domain was registered in October 2017.

“Unfortunately, for now we can’t say in what environment these landing pages were used in the wild, but according to all the information … we can assume that they are perfect for exploitation using malicious redirects or man-in-the-middle attacks,” Kaspersky said. “For example, this could be when the victim’s device connects to a Wi-Fi access point that is infected or controlled by the attackers.”

Kaspersky has detected several individuals infected by Skygofree, but so far all instances of the spyware have been found in Italy. Code executed by Skygofree also includes multiple comments written in Italian. That led Kaspersky to speculate that the spyware was developed by an Italian surveillance solutions provider “just like Hacking Team.”

Hacking Team is a Milan-based company that creates tools to help law enforcement gain remote control of a suspect’s computer and other devices. A data breach revealed in 2015 that Hacking Team sold its spyware to oppressive governments, which resulted in the company losing its license to sell its tools outside of Europe.

“Even if this is not widespread and it’s much more targeted, the future for this kind of government-sponsored espionage will be on mobile devices for sure,” Kaspersky researcher Vicente Diaz told Forbes. “I think we’re close to that tipping point.”

Kaspersky itself has been accused of collaborating with the Russian government to steal state secrets of the U.S. National Security Agency, which led to a ban on Kaspersky’s security solutions for government agencies. Kaspersky filed a lawsuit against the U.S. government over the ban, saying that the Department of Homeland Security “harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company.”

Photo: Blogtrepreneur via (license)
