Kaspersky Lab researchers have uncovered an advanced mobile implant, active since 2014 and designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product.

 

The implant, named Skygofree, includes functionality never seen in the wild before, such as location-based audio recording through infected devices. The spyware is spread through web pages mimicking leading mobile network operators.

 

Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device.

 

It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location – a feature that has not previously been seen in the wild.

 

Other advanced, unseen features include using Accessibility Services to steal WhatsApp messages and the ability to connect an infected device to Wi-Fi networks controlled by the attackers.

 

The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory. A special feature enables it to circumvent a battery-saving technique implemented by a top device vendor: the implant adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.

 

The attackers also appear to have an interest in Windows users, and researchers found a number of recently developed modules targeting this platform.

 

Most of the spoofed landing pages used for spreading the implant were registered in 2015, when according to Kaspersky Lab telemetry the distribution campaign was at its most active. The campaign is ongoing and the most recent domain was registered in October 2017. The data shows there have been several victims to date, all in Italy.

 

“High end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion. Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,” said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab.

 

The researchers found 48 different commands that can be implemented by attackers, allowing for maximum flexibility of use.

 

To stay protected from advanced mobile malware threats, Kaspersky Lab strongly recommends:

 

1. Implementing a reliable security solution that can identify and block such threats on endpoints, such as Kaspersky Security for Mobile.

 

2. Users are further advised to exercise caution when they receive emails from people or organizations they don’t know, or with unexpected requests or attachments – and to always double-check the integrity and origin of websites before clicking on links. If in doubt, call the service provider to verify.

 

3. System administrators, in their turn, are advised to turn on Application Control functionality in their mobile security solutions to control potentially harmful programs vulnerable to this attack.

 

Kaspersky Lab detects the Skygofree versions for Android as HEUR:Trojan.AndroidOS.Skygofree.a and HEUR:Trojan.AndroidOS.Skygofree.b, and the Windows samples as UDS:DangerousObject.Multi.Generic.

 

Further information, including a list of Skygofree’s commands, indicators of compromise, domain addresses and the device models targeted by the implant’s exploit modules can be found on Securelist.com.


RECOMMENDED ARTICLE FOR TECHWORLD


 
Transcend® Offers a New Perspective with the DrivePro Body 60 Body Camera
Techworld Date Posted: 5 June 2018 10:44 AM | 225 Views
Transcend® Information, Inc. (Transcend®), a leading manufacturer of storage and multimedia products, proudly introduces the DrivePro Body 60 body camera. This state-of-the-art POV tethered camera is designed specifically for military and public safety professionals.... See More
 
Transcend® Offers a New Perspective with the DrivePro Body 60 Body Camera
Techworld Date Posted: 10:44 AM | 225 Views
Transcend® Information, Inc. (Transcend®), a leading manufacturer of storage and multimedia products, proudly introduces the DrivePro Body 60 body camera. This state-of-the-art POV tethered camera is designed specifically for military and public safety professionals...See More

 
HyperX Ships 60 Million Memory Modules
Techworld Date Posted: 23 October 2018 10:31 AM | 58 Views
HyperX, the gaming division of Kingston Technology Company, Inc. has announced that since its inception in 2002, it has shipped over 60 million memory modules, which is equivalent to billions of bytes of memory.. See More
 
HyperX Ships 60 Million Memory Modules
Techworld Date Posted: 10:31 AM | 58 Views
HyperX, the gaming division of Kingston Technology Company, Inc. has announced that since its inception in 2002, it has shipped over 60 million memory modules, which is equivalent to billions of bytes of memory.See More

 
F5 Names Ben Gibson as Chief Marketing Officer
Techworld Date Posted: 4 August 2017 1:11 PM | 197 Views
Business leader with 25 years of experience at Veritas, Aruba Networks, and Cisco Systems to head global marketing team Philippines, August 4, 2016 — F5 Networks (NASDAQ: FFIV), the global leader in application networking and.... See More
 
F5 Names Ben Gibson as Chief Marketing Officer
Techworld Date Posted: 1:11 PM | 197 Views
Business leader with 25 years of experience at Veritas, Aruba Networks, and Cisco Systems to head global marketing team Philippines, August 4, 2016 — F5 Networks (NASDAQ: FFIV), the global leader in application networking and...See More

 
Dreading Wi-Fi Deadspots? Here Are 5 Quick Hacks!
Techworld Date Posted: 16 October 2018 3:31 PM | 66 Views
In a world where our favorite videos, music, and games are just right at our fingertips, files can be shared in an instant, and our loved ones are just a chat or video call.... See More
 
Dreading Wi-Fi Deadspots? Here Are 5 Quick Hacks!
Techworld Date Posted: 3:31 PM | 66 Views
In a world where our favorite videos, music, and games are just right at our fingertips, files can be shared in an instant, and our loved ones are just a chat or video call...See More

 
Kaspersky Lab Warns of Future Attacks against Digital Money, Urges OFWs to Be Cyber-Savvy to Protect Themselves Abroad
Techworld Date Posted: 7 March 2018 9:59 AM | 536 Views
With the consistent growth of money remittances from overseas Filipino workers (OFWs) and the rising use of digital payment systems in the Philippines, Kaspersky Lab recently emphasized the need for Filipinos to be more.... See More
 
Kaspersky Lab Warns of Future Attacks against Digital Money, Urges OFWs to Be Cyber-Savvy to Protect Themselves Abroad
Techworld Date Posted: 9:59 AM | 536 Views
With the consistent growth of money remittances from overseas Filipino workers (OFWs) and the rising use of digital payment systems in the Philippines, Kaspersky Lab recently emphasized the need for Filipinos to be more...See More

 
NVIDIA Announces GeForce GTX Destiny 2 Bundle and a Comprehensive Graphics and Performance Guide
Techworld Date Posted: 19 October 2017 2:21 PM | 162 Views
The Destiny franchise is coming to PC for the first time in history on October 24, 2017 with the upcoming release of Destiny 2, and NVIDIA has been partnering with Bungie and Activision on.... See More
 
NVIDIA Announces GeForce GTX Destiny 2 Bundle and a Comprehensive Graphics and Performance Guide
Techworld Date Posted: 2:21 PM | 162 Views
The Destiny franchise is coming to PC for the first time in history on October 24, 2017 with the upcoming release of Destiny 2, and NVIDIA has been partnering with Bungie and Activision on...See More

 
Fortinet® Recommended in NSS Labs Data Center Security Gateway Test
Techworld Date Posted: 11 January 2018 9:16 AM | 286 Views
(NASDAQ: FTNT), the global leader in broad, integrated and automated cybersecurity solutions, today announced its results in the inaugural NSS Labs Data Center Security Gateway group test report. The testing revealed that Fortinet®’s FortiGate.... See More
 
Fortinet® Recommended in NSS Labs Data Center Security Gateway Test
Techworld Date Posted: 9:16 AM | 286 Views
(NASDAQ: FTNT), the global leader in broad, integrated and automated cybersecurity solutions, today announced its results in the inaugural NSS Labs Data Center Security Gateway group test report. The testing revealed that Fortinet®’s FortiGate...See More

 
Kaspersky Lab Launches Awards Campaign to Increase Awareness on Internet Safety
Techworld Date Posted: 9 August 2017 1:35 PM | 172 Views
Kaspersky Lab has launched a campaign in Asia Pacific to educate the public and spread awareness on Internet safety. Known as the Goondus Awards, the campaign is inviting submissions from the public on Internet.... See More
 
Kaspersky Lab Launches Awards Campaign to Increase Awareness on Internet Safety
Techworld Date Posted: 1:35 PM | 172 Views
Kaspersky Lab has launched a campaign in Asia Pacific to educate the public and spread awareness on Internet safety. Known as the Goondus Awards, the campaign is inviting submissions from the public on Internet...See More

 
5 Simple WiFi Problems and the Easy Ways to Fix Them
Techworld Date Posted: 12 July 2018 4:09 PM | 442 Views
Home WiFi issues can be really frustrating, especially if you’re in the middle of sending an important work file, a video call with a relative living overseas, or a Netflix-bingeing marathon. But most of.... See More
 
5 Simple WiFi Problems and the Easy Ways to Fix Them
Techworld Date Posted: 4:09 PM | 442 Views
Home WiFi issues can be really frustrating, especially if you’re in the middle of sending an important work file, a video call with a relative living overseas, or a Netflix-bingeing marathon. But most of...See More

 
New Forces Join Popular Team Group Gaming T-FORCE Series
Techworld Date Posted: 30 September 2017 9:35 AM | 380 Views
Team Group, world renowned memory solutions and accessory provider, is proud to announce today the addition of new products as to their prestigious T-FORCE gaming line of products. See More
 
New Forces Join Popular Team Group Gaming T-FORCE Series
Techworld Date Posted: 9:35 AM | 380 Views
Team Group, world renowned memory solutions and accessory provider, is proud to announce today the addition of new products as to their prestigious T-FORCE gaming line of productsSee More


Power by

Download Free AZ | Free Wordpress Themes