The Android ecosystem is constantly under attack from new forms of malware, and now security experts at Kaspersky discovered a virus that can spy on users in a completely new way as compared to known cyber-infections.
Skygofree, which was named after one of the domains it used for compromising devices, has been around since at least 2014, Kaspersky says, despite signs of the infection being discovered late last year.
Skygofree typically waits for victims on fake mobile operator websites, as malicious actors disguised the malware as an update to the pre-installed apps that are typically shipped on smartphones purchased from carriers. Skygofree-infected apps promise to offer faster Internet speed, trying to trick visitors into downloading them.
“If a user swallows the bait and downloads the Trojan, it displays a notification that setup is supposedly in progress, conceals itself from the user, and requests further instructions from the command server. Depending on the response, it can download a variety of payloads — the attackers have solutions for almost every occasion,” Kaspersky says, adding that all infections discovered so far were in Italy.
As far as what the malware can do to your device is concerned, there are very complex and advanced spying capabilities, such as tracking the location of the phone and enabling audio recording when you arrive to a certain location. This can be used for cyber-espionage, as an infected device can start recording audio when the owner of the phone is in key locations monitored by hackers, such as a CEO at the company’s headquarters in private meetings.
Additionally, Skygofree can connect the device to Wi-Fi networks tracked by attackers and thus collect information as to websites visited, passwords, and even credit card data.
It can monitor instant messaging apps like Facebook Messenger, Skype, and WhatsApp and steal conversations using the phone’s Accessibility Services.
And one of the worst thing it can do is take a picture of you with the front camera every single time you unlock the device.
What’s important to know is that the malware hasn’t made it to the Google Play Store, and this once again emphasizes how important it is to always download apps from sources that you can trust.