Advanced mobile surveillance software unmasked

Kaspersky Lab researchers uncover Skygofree, able to take full remote control of an infected device

High-end mobile malware is very difficult to identify and block, experts say.

Mobile malware that can secretly record audio through infected Android devices has been uncovered by Kaspersky Lab researchers.

The advanced mobile implant, dubbed Skygofree, has been active since 2014 and is designed for targeted cyber-surveillance. The spyware is spread through web pages mimicking leading mobile network operators. The implant adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.

Alexey Firsh, malware analyst, targeted attacks research, Kaspersky Lab, said high-end mobile malware is very difficult to identify and block; the developers behind Skygofree have clearly used this to their advantage, creating and evolving an implant that can spy extensively on targets without arousing suspicion. “Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,” Firsh said.

Apart from location-based audio recording, the multi-stage spyware gives attackers full remote control of an infected device. It can eavesdrop on surrounding conversations and noise when an infected device enters a specified location, a feature that has not previously been seen in the wild, Kaspersky Lab says. Other advanced, previously unseen features include using accessibility services to steal WhatsApp messages and the ability to connect an infected device to WiFi networks controlled by the attackers.

With root access, attackers can hijack the device to take pictures and videos, seize call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory. A special feature enables it to circumvent a battery-saving technique implemented by a top device vendor.
