Kaspersky Lab researchers have uncovered an advanced mobile implant, active since 2014 and designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product.

 

The implant, named Skygofree, includes functionality never seen in the wild before, such as location-based audio recording through infected devices. The spyware is spread through web pages mimicking leading mobile network operators.

 

Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device.

 

It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location – a feature that has not previously been seen in the wild.

 

Other advanced, previously unseen features include using Accessibility Services to steal WhatsApp messages and the ability to connect an infected device to Wi-Fi networks controlled by the attackers.

The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory. A special feature enables it to circumvent a battery-saving technique implemented by a top device vendor: the implant adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.

 

The attackers also appear to have an interest in Windows users, and researchers found a number of recently developed modules targeting this platform.

 

Most of the spoofed landing pages used for spreading the implant were registered in 2015, when, according to Kaspersky Lab telemetry, the distribution campaign was at its most active. The campaign is ongoing and the most recent domain was registered in October 2017. The data shows there have been several victims to date, all in Italy.

“High-end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion. Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,” said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab.

The researchers found 48 different commands that can be implemented by attackers, allowing for maximum flexibility of use.

 

To stay protected from advanced mobile malware threats, Kaspersky Lab strongly recommends:

 

1. Implementing a reliable security solution that can identify and block such threats on endpoints, such as Kaspersky Security for Mobile.

 

2. Users are further advised to exercise caution when they receive emails from people or organizations they don’t know, or with unexpected requests or attachments – and to always double-check the integrity and origin of websites before clicking on links. If in doubt, call the service provider to verify.

 

3. System administrators, in turn, are advised to turn on Application Control functionality in their mobile security solutions to control potentially harmful programs vulnerable to this attack.

Kaspersky Lab detects the Skygofree versions for Android as HEUR:Trojan.AndroidOS.Skygofree.a and HEUR:Trojan.AndroidOS.Skygofree.b, and the Windows samples as UDS:DangerousObject.Multi.Generic.

 

Further information, including a list of Skygofree’s commands, indicators of compromise, domain addresses and the device models targeted by the implant’s exploit modules, can be found on Securelist.com.

