Kaspersky discovers powerful Skygofree mobile Trojan
Wed 17 Jan 2018
Security researchers at Kaspersky Labs have discovered an advanced mobile Trojan called Skygofree, which carries a swathe of worrying features.
The Trojan, which has so far only breached a small number of devices in Italy, is, according to Kaspersky, ‘overflowing’ with ways to impeach upon the user’s privacy.
It has the ability to track the user’s location, then turn on audio recording when they are in a certain place. This has major applications in a business setting, where it would be easy for the hackers to listen in on confidential meetings or conversations.
Skygofree can also connect an infected device to a wi-fi network controlled by the hackers, even when the user has disabled wi-fi on the phone or tablet. This means that traffic processed under that wi-fi network can be collected and analysed by the hackers – including details such as logins, passwords and credit card details.
Compared to typical Trojans, which carry out a simple task such as taking payment information or installing ransomware, Skygofree has far more advanced abilities. This includes bypassing devices’ standby modes.
It does this, for instance, by sending system notifications to Android devices, which functions as a workaround to the operating system’s battery saving mode. The software can even turn on the front facing camera and take a photo when the user unlocks the phone.
As if that wasn’t enough, it can also gain access to popular messaging apps such as Messenger, Skype and WhatsApp. In the case of WhatsApp, which at the last count was used by 1.3 billion people worldwide, Skygofree gains access by using Accessibility Services, which is intended to assistant blind or deaf phone users.
Though the device will require permission to do this, the designers of the malware hide the request for this behind another apparently innocent request.
According to Kaspersky, the trojan has been in use since 2014, when it initially began as a simple piece of malware. It has developed over time into the more complex ‘spyware’ that is now attacking phones.
Skygofree appears to be gaining access to phones via fake mobile operator websites. The Trojan pretends to be an update to improve mobile internet speed.