Malware is definitely getting more sinister and Skygofree, said to be in existence since 2014, was reported by Kaspersky as vicious enough to steal messages and take over your phone camera and steal data. The ultimate eavesdropper, Skygofree does not actually read WhatsApp and Facebook encrypted messages but goes around this limitation by capitalizing on Android’s Accessibility Services, something that was created for people with disabilities or limited interaction with the smartphone or tablet.
Kaspersky Lab researchers have uncovered an advanced mobile implant, active since 2014 and designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product.
Late last year, it was considered one of the most sophisticated malware affecting Android operating systems because it can link-up infected devices to Wi-Fi networks under the control of the attackers. Unlike in the past when malware was released by cyber attackers, word has it that an Italian company selling surveillance systems developed this malware with root access. Hence, it is capable of reading practically anything on your device’s memory including geolocation, text messages, calendared events, business data, and personal information. It can also take photos, record video and conversations automatically without as much as alerting the owner that anything was remiss. It has better control of infected devices and can record the once impregnable Skype conversations.
Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device. – Kaspersky
You realize the gravity of the security risk when you realize just how much information you’ve entrusted to your smartphone. You read emails, write notes, store passwords, credit card information and even hold virtual work meetings using your Android.
According to Kaspersky, the malware is spread through landing pages that mimic mobile network operators. Users are then tricked into installing and using the app. If you notice your smartphone is fast draining charge and heating up, it may be infected by Skygofree and other Trojans). Aside from the 48 commands it can execute, it can circumvent battery-saving mechanisms (such as in Huawei) and unobtrusively implant itself as a protected app. A particularly dangerous quality because it remains quietly operating in the background when the screen is off.
How does Skygofree do it? Once installed from fake sites, you will see a notification that may be permutations of this “Dear Customer, we’re updating your configuration and it will be ready as soon as possible”. It sounds official and above-board and doesn’t raise suspicions. However, if you detect something off and want to address this by deleting or uninstalling the app, you are in for a big surprise! The trojan hides the icon in background services where it isn’t easily removed from the system. According to Kaspersky, this self-protection feature affects almost all services. Windows itself could be the next target and this has already started with infiltrating Skype.
Prevent infection by Skygofree by:
- installing antivirus/anti-malware protection such as Kaspersky Security for Mobile.
- being cautious when opening mail from unknown sites
- not opening attachments
- downloading only from known sites and
- turning on Application Control if you are the system administrator.