Advanced mobile surveillance software unmasked
Kaspersky Lab researchers uncover Skygofree, able to take full remote control of an infected device
Mobile malware that can secretly record audio through infected Android devices has been uncovered by Kaspersky Lab researchers.
Researchers uncovered the advanced mobile implant, dubbed Skygofree, active since 2014, and designed for targeted cyber-surveillance. The spyware is spread through web pages mimicking leading mobile network operators. The implant adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.
Alexey Firsh, malware analyst, targeted attacks research, Kaspersky Lab, said high-end mobile malware is very difficult to identify and block; the developers behind Skygofree have clearly used this to their advantage, creating and evolving an implant that can spy extensively on targets without arousing suspicion. “Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,” Firsh said.
Apart from location-based audio recording, the multi-stage spyware gives attackers full remote control of an infected device. It can eavesdrop on surrounding conversations and noise when an infected device enters a specified location – a feature that has not previously been seen in the wild, Kaspersky Lab says. Other advanced, unseen features include using accessibility services to steal WhatsApp messages and the ability to connect an infected device to WiFi networks controlled by the attackers.
With root access, attackers can hijack the device to take pictures and videos, seize call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory. A special feature enables it to circumvent a battery-saving technique implemented by a top device vendor.