Researchers Discover Skygofree Android Malware With Crazy Powerful Spying Capabilities

Android malware that can spy on users and perform other nefarious tasks seems to be a dime a dozen these days. However, a new piece of Android malware is making the rounds, and it's loaded to the brim with sophisticated spying capabilities that have never been seen before.

Dubbed Skygofree, the malware was first developed back in 2014 and has gone through a number of code rewrites since then. In its most current iteration, the number of features at its disposal is quite remarkable. Kaspersky labels Skygofree as "multi-stage spyware that gives attackers full remote control of the infected device."

Skygofree is capable of recording audio via the microphone on a target device when it enters a certain geolocation, and can pilfer WhatsApp messages using Accessibility Services as a point of entry. In addition, it can automatically connect a device to Wi-Fi networks that could be controlled by nefarious parties.

If that wasn't enough, the malware is capable of snapping pictures and capturing video footage in addition to stealing text messages, calendar events and business-related information that is stored on-device.

A more interesting development surrounds a feature that is reserved specifically for Huawei devices, and will likely garner calls of "I told you so" from members of Congress. Kaspersky’s Nikita Buchka and Alexey Firsh write:

Some versions of the Skygofree feature the self-protection ability exclusively for Huawei devices. There is a ‘protected apps’ list in this brand’s smartphones, related to a battery-saving concept. Apps not selected as protected apps stop working once the screen is off and await re-activation, so the implant is able to determine that it is running on a Huawei device and add itself to this list. Due to this feature, it is clear that the developers paid special attention to the work of the implant on Huawei devices.

Kaspersky says that the malware, which was likely developed in Italy, is spreading through web landing pages disguised to look like legitimate wireless carrier sites like Vodafone. It is suspected that Skygofree is a weaponized, offensive tool that can be purchased by police departments or governments around the world to spy on suspects or "enemies of the state".

Brandon Hill

Brandon received his first PC, an IBM Aptiva 310, in 1994 and hasn’t looked back since. He cut his teeth on computer building/repair working at a mom and pop computer shop as a plucky teen in the mid 90s and went on to join AnandTech as the Senior News Editor in 1999. Brandon would later help to form DailyTech where he served as Editor-in-Chief from 2008 until 2014. Brandon is a tech geek at heart, and family members always know where to turn when they need free tech support. When he isn’t writing about the tech hardware or studying up on the latest in mobile gadgets, you’ll find him browsing forums that cater to his long-running passion: automobiles.
