New Android Malware Detected by Kaspersky Labs - Can Record Audio, Steal WhatsApp Messages and Much More
In another breakthrough move, Kaspersky Labs reports the finding of new malicious surveillance software christened “Skygofree”. In early October 2017, the Kaspersky team discovered new Android spyware with numerous features never before seen in the wild. On conducting further research, they found a number of related samples that indicate a long-term development process. According to Kaspersky, the initial versions of this malware were created at least three years ago, at the end of 2014. Since then, the implant’s functionality has been improving and remarkable new features have been implemented, a few of which are listed below:
the ability to record surrounding audio via the microphone when an infected device is in a specified location
the stealing of WhatsApp messages via Accessibility Services
the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals.
Sophisticated Spying Capabilities of the Malware
As per Kaspersky reports, the developer appears to be a company like Hacking Team, a controversial Italian company that sells surveillance tools to governments around the world, from Azerbaijan and the Russian Federation to Colombia and the United States. Recently, governments around the world have been caught deploying similar sorts of spyware to monitor activists and dissidents. The "Skygofree" malware is allegedly capable of turning on the microphone to record audio, while also diving into encrypted WhatsApp messages. While Skygofree continues to infect devices, spreading "through web pages mimicking leading mobile network operators and carriers like Vodafone", its distribution was mostly active in 2015.
However, a new piece of Android malware is making the rounds, and it's loaded to the brim with sophisticated spying capabilities. It is now being used to surveil targets in Italy, the vendor said. The malware is also equipped with all the features and root access privileges usually associated with trojan spyware, including capturing photos and videos, seizing call records and text messages, as well as monitoring the user's location via GPS (Global Positioning System), their calendar and any information stored on the device.
Malware even Detects if it's running on a Huawei or Windows Device
Kaspersky identified "48 different commands that can be implemented by attackers, allowing for maximum flexibility of use". A special feature enables Skygofree to circumvent a battery-saving technique: on Huawei devices, apps not selected as protected apps stop working once the screen is off and await reactivation, so the implant is able to determine that it is running on a Huawei device and add itself to this list. Skygofree can also connect a user's phone to Wi-Fi networks controlled by the hackers, providing them with more access to the device. So far, the malware, which may be distributed through bogus mobile carrier websites, has been spotted in the wild exclusively in Italy. Kaspersky says the malware has been active since 2014 and that the campaign is still ongoing. Alexey Firsh, a malware analyst at Kaspersky Lab, said in a statement that the malware is not only hard to identify, but it also "can spy extensively on targets without arousing suspicion". During the Skygofree research and investigation, Kaspersky also found spyware tools for Windows that could be implanted on target systems in order to extract data.
Steps to Protect your Device
There are several ways to protect against these sorts of targeted cyber attacks, a few of which are listed below:
You are encouraged to use a security tool on your mobile or tablet to help protect your device
Exercise caution when you receive emails from people or organizations you don't know, or with unexpected requests or attachments
If you don't install unknown APKs, it's impossible to become infected with Skygofree
If your device is running an even semi-recent build of Android, Skygofree will fail to gain a foothold because Android has been patched to block the exploits
Run anti-malware tools to detect any attacks early
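
The Accessibility Services abuse and the unknown-APK advice above suggest a device check, shown here as an added example that is not from Kaspersky or the original article: it cross-references enabled accessibility services against each third-party app's installer. The adb output is constructed sample data, and the trusted-installer set and the package name com.example.update are assumptions.

```python
# Installer packages treated as trusted (assumption; adjust to your own policy).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed output of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.update/com.example.update.HelperService"
)

# Constructed output of: adb shell pm list packages -i -3   (third-party apps only)
SAMPLE_PACKAGES = """\
package:com.example.update  installer=null
package:com.whatsapp  installer=com.android.vending
"""


def parse_accessibility(raw):
    """Return the package names that own an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    # Entries are colon-separated "package/ServiceClass" component names.
    return [entry.split("/", 1)[0] for entry in raw.split(":") if entry]


def parse_installers(raw):
    """Map third-party package name -> installer package (None if sideloaded)."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:") or line == "package:":
            continue
        name, *rest = line[len("package:"):].split()
        value = next((f.split("=", 1)[1] for f in rest
                      if f.startswith("installer=")), "null")
        installers[name] = None if value == "null" else value
    return installers


def suspicious_services(a11y_raw, packages_raw):
    """Third-party apps with an accessibility service and no trusted installer."""
    installers = parse_installers(packages_raw)
    # Preinstalled system services are absent from the -3 listing and skipped.
    return sorted(pkg for pkg in set(parse_accessibility(a11y_raw))
                  if pkg in installers
                  and installers[pkg] not in TRUSTED_INSTALLERS)


if __name__ == "__main__":
    for pkg in suspicious_services(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print("review:", pkg)
```

A flagged package is a prompt for manual review, not proof of infection, since legitimately sideloaded accessibility tools are reported the same way.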