Kaspersky Lab has discovered a variety of Android malware that uses multiple vulnerabilities to gain full control of a device. Its security researchers have published details of the highly sophisticated Android Trojan, which has been used to take control of people’s Android devices and steal information.
According to researchers at Russia’s Kaspersky Lab, attackers using the tool, called “Skygofree,” can remotely command the malware to connect to Wi-Fi networks under their control, copy WhatsApp messages, extract files, and snap photos. It can also track the user’s location and intercept text messages (SMS), geolocation data, calendar events and much more. Kaspersky states its capabilities are “reminiscent of Hollywood spy movies.”
Kaspersky Lab said that Skygofree sends regular system notifications or sets itself as a favorite app to block the battery-saving features of Android. To capture WhatsApp messages, the Trojan uses a clever technique based on Accessibility Services. Accessibility Services normally requires the user’s permission, but the malware displays an innocent-looking request and hides the actual request for permission behind it.
“Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like Hacking Team,” said Kaspersky Lab malware analyst Alexey Firsh.
However, Skygofree has actually been around since 2014 and Kaspersky Lab said its surveillance campaign was still ongoing.