Skygofree malware poses serious danger to Android users

Android users have had to face numerous threats in the form of malware throughout the years, but if recent research is to be believed, a new strain is introducing threats that are far more dangerous than before. The malware in question has been dubbed Skygofree, and it was discovered by researchers at Kaspersky Lab. In a detailed report via their SecureList blog, Kaspersky researchers show just how massive the Skygofree malware threat is.

Skygofree, so named because the word was found in a domain, was initially discovered by the Kaspersky Lab team in October 2017. At the time it was already exhibiting unique features that concerned researchers, as they had not yet been found in the wild. Since this initial discovery, Skygofree has been morphing into a far more powerful tool at an alarming rate.

In its current form, Skygofree is able to eavesdrop on WhatsApp messages, record audio when the device is in specific locations, steal private data from phones, and give threat actors the ability to, in the words of Kaspersky Lab's Tom Spring, "open reverse shell modules on targeted devices, giving attackers ultimate remote control."

Skygofree's development is believed to have begun in 2014, and at the time, the malware was merely a simple shell compared to what it morphed into (i.e. a complex, "multistage spyware"). Evidence from domains utilized for landing pages that infected devices with Skygofree points to the Italian firm Negg International as the possible source (the company has declined to comment on these allegations).

The way the malware infects Android users is explained by Kaspersky as follows:

Skygofree victims were likely infected via malicious redirects or man-in-the-middle attacks driving users to landing pages that mimic mobile carrier web sites. Those landing pages included similar domain names and web page content to wireless carriers. Once targets were lured to landing page sites they were prompted to update their phone’s software.

The report notes the landing pages below as infection points:

[Image of the landing pages; credit: Kaspersky Lab]

At the time of its research, Kaspersky Lab surmised that most victims of the Skygofree malware were in Italy. This is likely to change considering how complex this malware is and just how many attacks it can employ on Android devices. To protect yourself, be vigilant about the websites you visit (especially advertising links) and the files you choose to download. Additionally, make sure your Android device has multifaceted malware protections, not just an antivirus program, which will be useless against Skygofree.


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
