Skygofree

Most mobile malware does relatively simple things: stealing data, mining cryptocurrency or encrypting files. Some months ago, however, a very sophisticated one was discovered: Skygofree.

Some of the capabilities that make Skygofree terrifying are:

  • Turning on the microphone to record audio when the device is in a certain location
  • Connecting to networks controlled by the attackers, even with Wi-Fi disabled on the device, giving them access to all the user’s traffic (passwords, credit cards, sites visited)
  • Stealing WhatsApp messages via Accessibility Services
  • Secretly turning on the front-facing camera to take photos or videos

The main infection vector is fake mobile operator pages, where the user downloads an “update” and gets infected. Once on the phone, it shows a progress bar while it waits for instructions from the attackers.

The malware also has a way to protect itself: it can show a fake notification to keep the background services it uses from being killed.

Skygofree uses exploits to get root privileges: it looks up the device in a database of mobile devices so that it can adapt to the target and exploit its vulnerabilities.

So far Skygofree has only been seen in some parts of Italy. However, given all the damage it can cause, it is best to guard against it by downloading apps only from official sources and disabling installation of third-party apps.

References:

https://www.kaspersky.com/blog/skygofree-smart-trojan/20717/

https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/