Kaspersky Lab researchers have uncovered an advanced mobile implant, active since 2014 and designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product.

 

The implant, named Skygofree, includes functionality never seen in the wild before, such as location-based audio recording through infected devices. The spyware is spread through web pages mimicking leading mobile network operators.

 

Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device.

 

It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location – a feature that has not previously been seen in the wild.

 

Other advanced, previously unseen features include using Accessibility Services to steal WhatsApp messages and the ability to connect an infected device to Wi-Fi networks controlled by the attackers.

 

The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory. A special feature enables it to circumvent a battery-saving technique implemented by a top device vendor: the implant adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.

 

The attackers also appear to have an interest in Windows users, and researchers found a number of recently developed modules targeting this platform.

 

Most of the spoofed landing pages used for spreading the implant were registered in 2015, when, according to Kaspersky Lab telemetry, the distribution campaign was at its most active. The campaign is ongoing, and the most recent domain was registered in October 2017. The data shows there have been several victims to date, all in Italy.

 

“High-end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion. Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,” said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab.

 

The researchers found 48 different commands that can be implemented by attackers, allowing for maximum flexibility of use.

 

To stay protected from advanced mobile malware threats, Kaspersky Lab strongly recommends:

 

1. Implementing a reliable security solution that can identify and block such threats on endpoints, such as Kaspersky Security for Mobile.

 

2. Users are further advised to exercise caution when they receive emails from people or organizations they don’t know, or with unexpected requests or attachments – and to always double-check the integrity and origin of websites before clicking on links. If in doubt, call the service provider to verify.

 

3. System administrators, in their turn, are advised to turn on Application Control functionality in their mobile security solutions to control potentially harmful programs vulnerable to this attack.

 

Kaspersky Lab detects the Skygofree versions for Android as HEUR:Trojan.AndroidOS.Skygofree.a and HEUR:Trojan.AndroidOS.Skygofree.b, and the Windows samples as UDS:DangerousObject.Multi.Generic.

 

Further information, including a list of Skygofree’s commands, indicators of compromise, domain addresses and the device models targeted by the implant’s exploit modules, can be found on Securelist.com.

