Kaspersky Lab researchers have uncovered an advanced mobile implant, active since 2014 and designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product.

 

The implant, named Skygofree, includes functionality never seen in the wild before, such as location-based audio recording through infected devices. The spyware is spread through web pages mimicking leading mobile network operators.

 

Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device.

 

It has undergone continuous development since the first version was created at the end of 2014, and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location – a feature that has not previously been seen in the wild.

 

Other advanced, previously unseen features include using Accessibility Services to steal WhatsApp messages and the ability to connect an infected device to Wi-Fi networks controlled by the attackers.

 

The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory. A special feature enables it to circumvent a battery-saving technique implemented by a top device vendor: the implant adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.

 

The attackers also appear to have an interest in Windows users, and researchers found a number of recently developed modules targeting this platform.

 

Most of the spoofed landing pages used for spreading the implant were registered in 2015, when, according to Kaspersky Lab telemetry, the distribution campaign was at its most active. The campaign is ongoing, and the most recent domain was registered in October 2017. The data shows there have been several victims to date, all in Italy.

 

“High-end mobile malware is very difficult to identify and block, and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion. Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,” said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab.

 

The researchers found 48 different commands that can be implemented by attackers, allowing for maximum flexibility of use.

 

To stay protected from advanced mobile malware threats, Kaspersky Lab strongly recommends:

1. Implementing a reliable security solution that can identify and block such threats on endpoints, such as Kaspersky Security for Mobile.

2. Users are further advised to exercise caution when they receive emails from people or organizations they don’t know, or with unexpected requests or attachments – and to always double-check the integrity and origin of websites before clicking on links. If in doubt, call the service provider to verify.

3. System administrators, in their turn, are advised to turn on Application Control functionality in their mobile security solutions to control potentially harmful programs vulnerable to this attack.

 

Kaspersky Lab detects the Skygofree versions for Android as HEUR:Trojan.AndroidOS.Skygofree.a and HEUR:Trojan.AndroidOS.Skygofree.b, and the Windows samples as UDS:DangerousObject.Multi.Generic.

 

Further information, including a list of Skygofree’s commands, indicators of compromise, domain addresses and the device models targeted by the implant’s exploit modules can be found on Securelist.com.

