Kaspersky Lab researchers have uncovered an advanced mobile implant, active since 2014 and designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product.

 

The implant, named Skygofree, includes functionality never seen in the wild before, such as location-based audio recording through infected devices. The spyware is spread through web pages mimicking leading mobile network operators.

 

Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device.

 

It has undergone continuous development since the first version was created at the end of 2014, and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location, a feature that has not previously been seen in the wild.

 

Other advanced, previously unseen features include using Accessibility Services to steal WhatsApp messages and the ability to connect an infected device to Wi-Fi networks controlled by the attackers.

 

The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory. A special feature enables it to circumvent a battery-saving technique implemented by a top device vendor: the implant adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.

 

The attackers also appear to have an interest in Windows users, and researchers found a number of recently developed modules targeting this platform.

 

Most of the spoofed landing pages used for spreading the implant were registered in 2015, when, according to Kaspersky Lab telemetry, the distribution campaign was at its most active. The campaign is ongoing and the most recent domain was registered in October 2017. The data shows there have been several victims to date, all in Italy.

 

“High-end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion. Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,” said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab.

 

The researchers found 48 different commands that can be implemented by attackers, allowing for maximum flexibility of use.

 

To stay protected from advanced mobile malware threats, Kaspersky Lab strongly recommends:

 

1. Implementing a reliable security solution that can identify and block such threats on endpoints, such as Kaspersky Security for Mobile.

 

2. Users are further advised to exercise caution when they receive emails from people or organizations they don’t know, or with unexpected requests or attachments – and to always double-check the integrity and origin of websites before clicking on links. If in doubt, call the service provider to verify.

 

3. System administrators, in turn, are advised to turn on the Application Control functionality in their mobile security solutions to control potentially harmful programs vulnerable to this attack.
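Because the implant abuses Accessibility Services to read WhatsApp messages, one check an administrator can run on a managed Android device is to review which apps currently hold an enabled accessibility service. The script below is an added example, not Kaspersky Lab's tooling: it assumes the setting value was collected with `adb shell settings get secure enabled_accessibility_services`, and the allow-list and sample value are constructed for illustration.

```python
# Added example: flag enabled Accessibility Services that are not on an allow-list.
from typing import NamedTuple


class Service(NamedTuple):
    package: str
    cls: str


def parse_enabled_services(raw: str) -> list[Service]:
    """Parse Settings.Secure 'enabled_accessibility_services'.

    The value is a colon-separated list of flattened component names
    ("package/class"); a class starting with "." is relative to the package.
    """
    raw = raw.strip()
    if not raw or raw == "null":  # setting unset: no service enabled
        return []
    services = []
    for item in raw.split(":"):
        item = item.strip()
        if not item:
            continue
        package, sep, cls = item.partition("/")
        if not sep or not package or not cls:
            raise ValueError(f"malformed component name: {item!r}")
        if cls.startswith("."):  # expand the short form to a full class name
            cls = package + cls
        services.append(Service(package, cls))
    return services


def unexpected_services(raw: str, allowed_packages: set[str]) -> list[Service]:
    """Return enabled services whose package is not explicitly approved."""
    return [s for s in parse_enabled_services(raw)
            if s.package not in allowed_packages]


# Assumption: the organisation approves only the TalkBack screen reader.
ALLOWED = {"com.google.android.marvin.talkback"}

# Constructed sample value; com.example.updater is a placeholder package name.
SAMPLE = ("com.google.android.marvin.talkback/"
          "com.google.android.marvin.talkback.TalkBackService:"
          "com.example.updater/.SvcAccess")

if __name__ == "__main__":
    for svc in unexpected_services(SAMPLE, ALLOWED):
        print(f"review: {svc.package} -> {svc.cls}")
```

An entry flagged here is a prompt for review, not proof of infection: legitimate password managers and assistive tools also register accessibility services.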

 

Kaspersky Lab detects the Skygofree versions for Android as HEUR:Trojan.AndroidOS.Skygofree.a and HEUR:Trojan.AndroidOS.Skygofree.b, and the Windows samples as UDS:DangerousObject.Multi.Generic.

 

Further information, including a list of Skygofree’s commands, indicators of compromise, domain addresses and the device models targeted by the implant’s exploit modules can be found on Securelist.com.

