Researchers identify Android malware that can ‘spy extensively’

Kaspersky Lab on Tuesday sounded the alarm about the discovery of highly advanced surveillance software that it said can infiltrate Android mobile devices and gather “targeted” information without users’ consent.

Researchers at the Moscow-based cybersecurity firm described the spyware, named Skygofree, as a sophisticated mobile implant “designed for targeted cyber-surveillance” that can be potentially used as an “offensive security” product. 

“Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device,” the company said in a Tuesday press release.

{mosads}Alexey Firsh, a malware analyst at Kaspersky Lab, said in a statement that the malware is not only hard to identify, but it also “can spy extensively on targets without arousing suspicion.”

Skygofree, which has been active since 2014, can go as far as listening in on conversations when a mobile device enters a particular location.

“It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location — a feature that has not previously been seen in the wild,” it continued.

The spyware has a large range of sophisticated capabilities that allow it to assume control of a mobile device. Kaspersky identified “48 different commands that can be implemented by attackers, allowing for maximum flexibility of use.”

“The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory,” Kaspersky Labs found.

Skygofree can also connect a user’s phone to Wi-Fi networks controlled by the attackers, providing them with more access to the device.

The implant also is developed to protect itself when the device begins to save battery life. It is programmed to list itself as one of the devices’ “protected apps,” so that it can continue running even when the screen automatically turns off.

While Skygofree continues to infect devices, spreading “through web pages mimicking leading mobile network operators,” its distribution was mostly active in 2015.

Data, which revealed that all of the victims so far have been located in Italy, led researchers to believe the developer of the Skygofree is an Italian IT company.

“Given the artifacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,” Firsh added.

The company also found that the spyware appears to be targeting Windows users with recently developed modules.

Kaspersky, a global cybersecurity company, came under heavy scrutiny last year for alleged ties to the Russian government.

The Department of Homeland Security’s (DHS) banned federal agencies from using Kaspersky Lab products in September, pointing to the potential security risk of working with the Russian-based firm.

Although the company has repeatedly maintained that it operates independently of the Russian government, DHS said the decision was based on information already available in the public view — like newspaper reports and congressional testimonies.

The founder of Kaspersky Lab says the company plans to challenge the DHS ban.