Kaspersky Lab researchers have uncovered an advanced mobile implant, active since 2014 and designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product.

 

The implant, named Skygofree, includes functionality never seen in the wild before, such as location-based audio recording through infected devices. The spyware is spread through web pages mimicking leading mobile network operators.

 

Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device.

 

It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location – a feature that has not previously been seen in the wild.

 

Other advanced, previously unseen features include using Accessibility Services to steal WhatsApp messages and the ability to connect an infected device to Wi-Fi networks controlled by the attackers.

 

The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory. A special feature enables it to circumvent a battery-saving technique implemented by a top device vendor: the implant adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.

 

The attackers also appear to have an interest in Windows users, and researchers found a number of recently developed modules targeting this platform.

 

Most of the spoofed landing pages used for spreading the implant were registered in 2015, when, according to Kaspersky Lab telemetry, the distribution campaign was at its most active. The campaign is ongoing and the most recent domain was registered in October 2017. The data shows there have been several victims to date, all in Italy.

 

“High-end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion. Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,” said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab.

 

The researchers found 48 different commands that can be implemented by attackers, allowing for maximum flexibility of use.

 

To stay protected from advanced mobile malware threats, Kaspersky Lab strongly recommends:

 

1. Implementing a reliable security solution that can identify and block such threats on endpoints, such as Kaspersky Security for Mobile.

 

2. Users are further advised to exercise caution when they receive emails from people or organizations they don’t know, or with unexpected requests or attachments – and to always double-check the integrity and origin of websites before clicking on links. If in doubt, call the service provider to verify.

 

3. System administrators, in turn, are advised to turn on Application Control functionality in their mobile security solutions to control potentially harmful programs vulnerable to this attack.

 

Kaspersky Lab detects the Skygofree versions for Android as HEUR:Trojan.AndroidOS.Skygofree.a and HEUR:Trojan.AndroidOS.Skygofree.b, and the Windows samples as UDS:DangerousObject.Multi.Generic.

 

Further information, including a list of Skygofree’s commands, indicators of compromise, domain addresses and the device models targeted by the implant’s exploit modules can be found on Securelist.com.

