Skygofree Android Malware Possesses ‘Never Before Seen’ Capabilities
A new and highly invasive form of Android malware dubbed ‘Skygofree’ was discovered this week, according to an Ars Technica report.
Found initially by antivirus software developer Kaspersky Lab, Skygofree is described as an advanced “surveillance application,” allegedly built and distributed by an Italian IT company. Its most notable capability allows it to bypass Android security and “spy” on its victim by employing five separate root exploits.
“The Skygofree Android implant is one of the most powerful spyware tools that we have ever seen for this platform. As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, never-before-seen surveillance features such as recording surrounding audio in specified locations,” the developer explained.
Like any self-described “spying app,” Skygofree utilizes specific exploits in the Android software to carry out a variety of spying tactics, such as taking pictures and recording videos, reading text messages and location data, and accessing other information such as call records and data stored in onboard memory.
Skygofree also allows hackers to take control of infected devices remotely, while avant-garde features, including its ability to automatically record conversations taking place at a specific time and location, are further proof that the malware is as serious as experts caution.
Even encrypted apps like WhatsApp can be breached by Skygofree, BGR noted, pointing out that the malware can read encrypted messages by taking advantage of an accessibility feature designed to help Android users with disabilities.
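A defender can check a device for this kind of accessibility abuse by listing which accessibility services are enabled and flagging any that are not expected. The script below is an added example, not part of the original article or of any vendor's tooling; the allowlist and the sample value are constructed, and the only device-side call it assumes is Android's `settings get secure enabled_accessibility_services`, run over adb.

```shell
#!/bin/sh
# Added example: flag enabled Android accessibility services that are not
# on an allowlist. Not from the article; allowlist and sample are constructed.

# Packages expected to provide accessibility services (constructed; adjust per device).
ALLOWED_PKGS="com.google.android.marvin.talkback"

# Constructed sample of the colon-separated "package/ServiceClass" list the
# setting returns. com.example.updater is a hypothetical package name.
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.updater/com.example.updater.HelperService"

# unexpected_a11y_services VALUE
# Prints every enabled component whose package is not in ALLOWED_PKGS.
unexpected_a11y_services() {
    # An empty value or the literal "null" means no service is enabled.
    case "$1" in ''|null) return 0 ;; esac
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r comp; do
        [ -n "$comp" ] || continue
        pkg=${comp%%/*}            # text before the first "/" is the package
        known=no
        for allowed in $ALLOWED_PKGS; do
            if [ "$pkg" = "$allowed" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then printf '%s\n' "$comp"; fi
    done
}

# audit_device: read the live setting from a USB-connected device (needs adb).
# Defined for the reader; it is not called automatically.
audit_device() {
    unexpected_a11y_services \
        "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
}

# Demonstration on the constructed sample.
unexpected_a11y_services "$SAMPLE"
```

A component printed here is a prompt to review which app installed it and why it needs accessibility access; it is not by itself proof of infection.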
- Since the Skygofree malware spreads to Android devices via fake web landing pages designed to appear like actual and legitimate websites, simply paying extra close attention to the websites you visit and which apps you install on your device is the best way to avoid infection.
- At present, select mobile operator websites including Vodafone and Three in the U.K. have been found to contain infected links, which have so far been responsible for multiple infections, BGR pointed out.
- Android users who think they’ve been infected, meanwhile, should scan their Windows PC and cleanse it of any recent data (such as companion apps) which may have found their way onto their hard drive.