Skygofree malware poses serious danger to Android users

Android users have had to face numerous threats in the form of malware throughout the years, but if recent research is to be believed, a new strain is introducing threats that are far more dangerous than before. The malware in question has been dubbed Skygofree, and it was discovered by researchers at Kaspersky Lab. In a detailed report via their SecureList blog, Kaspersky researchers show just how massive the Skygofree malware threat is.

Skygofree, so named because the word was found in a domain, was initially discovered by the Kaspersky Lab team in October 2017. At the time, it was already exhibiting unique features that concerned researchers because they had not yet been found in the wild. Since this initial discovery, Skygofree has been morphing into a far more powerful tool at an alarming rate.

In its current form, Skygofree is able to eavesdrop on WhatsApp messages, record audio in specific areas, steal private data from phones, and give threat actors the ability to, in the words of Kaspersky Lab's Tom Spring, "open reverse shell modules on targeted devices, giving attackers ultimate remote control."

Skygofree's development is believed to have begun in 2014, and at the time, the malware was merely a simple shell compared to what it morphed into (i.e. a complex, "multistage spyware"). Evidence from domains utilized for landing pages that infected devices with Skygofree points to the Italian firm Negg International as the possible source (the company has declined to comment on these allegations).

The way the malware infects Android users is explained by Kaspersky as follows:

Skygofree victims were likely infected via malicious redirects or man-in-the-middle attacks driving users to landing pages that mimic mobile carrier web sites. Those landing pages included similar domain names and web page content to wireless carriers. Once targets were lured to landing page sites they were prompted to update their phone’s software.

The report notes the landing pages below as infection points:

[Image: landing pages noted in the report. Credit: Kaspersky Lab]

At the time of its research, Kaspersky Lab surmised that most victims of the Skygofree malware were in Italy. This is likely to change considering how complex this malware is and just how many attacks it can employ on Android devices. To protect yourself, be vigilant about the websites you visit (especially advertising links) and the files you choose to download. Additionally, make sure your Android device has multifaceted malware protections, not just an antivirus program, which will be useless against Skygofree.