Skygofree – One of The Most Powerful Android Spyware


A huge market brings huge risks too. Android has always been the preferred (affordable) connectivity device, used by billions of people, and with billions of people using Android devices, it attracts thousands of thieves (hackers) too.

Android spyware and vulnerabilities are not so rare nowadays; vulnerabilities like Janus and spyware like Tizi are just two drops in the ocean of unknown vulnerabilities and spyware.

Your data is most valuable in the digital era, where everything is online and most of the transactions you make are from your easy-to-carry ‘smart’ phone.

To steal your important data, one piece of spyware has been present all the way from 2014 to date.

Researchers at Kaspersky Lab have found a new spyware dubbed ‘Skygofree’, one of the most advanced spyware out there in the wild. After analyzing the spyware’s code, the researchers found it to be developed by an Italian firm. It is not certain, but the indications point to an infamous IT firm named “Negg”. Coincidentally, the firm actually develops legal hacking tools, but not in this case.

Possible Threats

Once installed, Skygofree leaves no traces of being installed. It does so by hiding its app icon and by preventing itself from being killed from the running processes. The spyware also gains remote code execution permission by concurrently exploiting the device to get root access.

An attacker can listen to audio, capture video, and take the call records, SMS, and almost everything else that is stored in the device memory.

After analyzing the spyware code, researchers also confirmed that this spyware has some new-level features, like recording the user's WhatsApp, Facebook, and other social media conversations.

It has a few payloads that help grab encrypted social media conversations; one of these is busybox, which can be used to steal the encryption key used for encrypting WhatsApp conversations.

[Image: Skygofree busybox. Credits: Kaspersky Lab]

For grabbing the conversations, the attackers used a social payload that is capable of stealing your social media data from Line, Viber, Facebook, Facebook Messenger and WhatsApp.

Here is what researchers said about the changes that occurred in the spyware's features over time: “The implant’s functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals.”

A variant of this spyware was found targeting Windows users too, so Windows users gotta be careful with this one.

You can definitely be on the safer side: just do not download any applications from third-party websites or app stores, or from a link in a text message. One more thing to remember is to stay updated with the security news.
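Because the spyware hides its app icon and abuses Accessibility Services, a defender can check which accessibility services are enabled on a device and where their packages were installed from. The script below is an added example, not code from the original article or from Kaspersky; the sample outputs and package names are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
import re

# Constructed sample (not from a real device) of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.updater/.SyncService")
# Constructed sample of: adb shell pm list packages -i
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.whatsapp  installer=com.android.vending
package:com.example.updater  installer=null
"""
# Assumption: only Google Play counts as a trusted install source here.
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_installers(pm_output):
    """Map package name -> installer package (None when none is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers


def parse_a11y_services(setting_value):
    """Split the colon-separated component list; 'null' or empty means none."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    return [c for c in value.split(":") if "/" in c]


def flag_sideloaded_a11y(setting_value, pm_output):
    """Return (component, installer) for enabled services from untrusted sources."""
    installers = parse_installers(pm_output)
    flagged = []
    for component in parse_a11y_services(setting_value):
        installer = installers.get(component.split("/", 1)[0])
        if installer not in TRUSTED_INSTALLERS:
            flagged.append((component, installer))
    return flagged

if __name__ == "__main__":
    for component, installer in flag_sideloaded_a11y(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"review: {component} (installer={installer})")
```

Preinstalled system services can also report no installer, so a flagged entry is a prompt for manual review, not a verdict.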
