Kaspersky reveals details of extraordinarily powerful Android trojan, Skygofree
Security firm Kaspersky Lab has revealed details of a highly-sophisticated Android trojan that takes advantage of multiple vulnerabilities to gain full control of a device. Skygofree has capabilities that have never been seen in the wild before.
In the malware's arsenal of weapons is the ability to track user location, record audio, connect to attacker-controlled networks, monitor messaging apps, intercept text messages, take photographs, and much more. Kaspersky says its capabilities are "reminiscent of Hollywood spy movies."
See also:
- Hundreds of fake Android apps have a hidden Coinhive miner
- Hundreds of Android and iOS apps use your mic to check what TV shows you are watching
The company says: "We recently discovered one such cinematic Trojan by the name of Skygofree (it doesn't have anything to do with the television service Sky Go; it was named after one of the domains it used). Skygofree is overflowing with functions, some of which we haven't encountered elsewhere. For example, it can track the location of a device it is installed on and turn on audio recording when the owner is in a certain place. In practice, this means that attackers can start listening in on victims when, say, they enter the office or visit the CEO's home."
Kaspersky explains that Skygofree blocks the battery-saving features of Android by sending regular system notifications, or setting itself as a favorite app. The ability to monitor chat apps is a little worrying, and in the case of WhatsApp, the malware uses a clever technique involving the use of Accessibility Services. "Using Accessibility Services requires the user's permission, but the malware hides the request for permission behind some other, seemingly innocent, request."
The security firm also says:
Another interesting technique Skygofree employs is surreptitiously connecting an infected smartphone or tablet to a Wi-Fi network controlled by the attackers -- even if the owner of the device has disabled all Wi-Fi connections on the device. This lets the victim's traffic be collected and analyzed. In other words, someone somewhere will know exactly what sites were looked at and what logins, passwords, and card numbers were entered.
While Skygofree is a recent discovery, it turns out that it has actually been around since 2014, and its developers have been constantly improving it. Like a lot of other mobile malware, Skygofree is offered up as a useful app -- in this case, a tool to speed up internet connections. Advice about ensuring you obtain apps from trusted sources applies as always.
Image credit: Georgejmclittle / Shutterstock