We are still coming to terms with Meltdown and Spectre. While those flaws are still being patched on PC and mobile platforms, a previously unseen piece of malware has been discovered. Called 'Skygofree' and currently found on the Android platform, it has spying capabilities, such as location-based audio recording, that have never before been seen in the wild.
Kaspersky Labs, which first discovered Skygofree, describes the spyware as an offensive security product sold by an Italy-based IT company. It was named after one of the domains it used.
What are the damages it can cause?
According to Kaspersky Labs, the malware can track the location of the device on which it is installed and turn on audio recording when the owner is in a certain place. This lets attackers fine-tune when they listen in on their targets. If you are the head of a company which deals with critical information, carrying a Skygofree-infected phone to the office may not be the best of ideas.
The other unique feature is Skygofree's ability to connect infected devices to Wi-Fi networks controlled by the hackers, which helps them analyse the traffic on the victim's phone. This works even if the owner of the device has manually turned off Wi-Fi. It essentially means that once your phone is connected to such a hacker-controlled Wi-Fi network, your usernames, passwords, card numbers and other sensitive information are in danger of being stolen.
The malware can even operate in standby mode. For instance, in the latest Android OS, inactive apps or processes are stopped to save battery life. Skygofree bypasses that by periodically sending system notifications. It can even make itself a 'favourite app' so that the Android OS does not stop it.
Skygofree is also capable of monitoring messaging apps such as Facebook Messenger, Skype, Viber and WhatsApp. It can read WhatsApp messages through Android's Accessibility Services.
It can also turn on the camera remotely and take a photo of the user when the phone is being unlocked. There are a hundred ways in which this could be exploited by those with malicious intent.
All this is in addition to features such as intercepting calls, SMSes, calendar entries and other user-related data. There are around 48 such commands, according to Ars Technica.
How long has it been operational?
"We discovered Skygofree recently, in late 2017, but our analysis shows the attackers have been using it — and constantly enhancing it — since 2014. Over the past three years, it has grown from a rather simple piece of malware into full-fledged, multifunctional spyware," said the Kaspersky blog.
How is it distributed? Is my phone affected by it?
According to Kaspersky Labs, Skygofree has been distributed through fake mobile operator websites, where it is presented as an update that promises to improve mobile internet speed. If you are tempted by that promise and download the update, it installs itself on your phone and downloads a variety of payloads to carry out spying operations on your device.
The attacks seem to be limited to Italy at the moment. There wasn't any mention of India in the Kaspersky blog, so it is safe to assume it has not affected any Indian users.
Tips to prevent accidental installation of Skygofree
Kaspersky Labs has provided some tips to prevent the downloading of Skygofree. One of the main tips is to install apps only from trusted sources and to disable side-loading of apps. There are many fake apps on the Android app store that try to sound similar to legitimate apps. If you are not sure about an app, always check the publisher, the ratings, the spelling of the app's name and other such factors. A small number of downloads and very few ratings should immediately raise flags. If possible, also install an Android security suite on your phone and scan it for malware at regular intervals.
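The two risk factors described above, side-loaded apps and access to Accessibility Services, can be checked together on a device you own. The script below is an added example, not something from Kaspersky or the original article; it parses the text output of the standard Android commands `pm list packages -i` and `settings get secure enabled_accessibility_services`, and the package names and the trusted-installer list in it are constructed assumptions.

```python
# Flag apps that hold an enabled accessibility service but were not installed
# by a trusted store. Inputs: output of `adb shell pm list packages -i` and
# `adb shell settings get secure enabled_accessibility_services`.

# Installers treated as trusted here (assumption; adjust for your devices).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` lines."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition("installer=")
        installers[name.strip()] = rest.strip() or "null"
    return installers

def parse_accessibility(setting_value):
    """Return the packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    # The value is colon-separated components of the form package/ServiceClass.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def risky_packages(pm_output, setting_value):
    """Packages with accessibility access that no trusted store installed."""
    installers = parse_installers(pm_output)
    flagged = []
    for pkg in sorted(parse_accessibility(setting_value)):
        installer = installers.get(pkg, "unknown")
        if installer not in TRUSTED_INSTALLERS:
            flagged.append((pkg, installer))
    return flagged

# Constructed sample output; the package names are made up for illustration.
SAMPLE_PM = """package:com.example.screenreader  installer=com.android.vending
package:com.example.speedupdate  installer=null
package:com.example.notes  installer=com.android.vending"""
SAMPLE_A11Y = ("com.example.screenreader/.ReaderService:"
               "com.example.speedupdate/com.example.speedupdate.HelperService")

if __name__ == "__main__":
    for pkg, installer in risky_packages(SAMPLE_PM, SAMPLE_A11Y):
        print(f"review: {pkg} (installer={installer})")
```

Preinstalled system apps also report a null installer, so a flagged package is a prompt to review it, not proof of infection.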