Have you heard of Skygofree, the malware that works like an app to track text messages? Security researchers describe it as one of the most advanced mobile implants. It is spyware that can secretly steal WhatsApp messages and a lot more from an infected phone.
It can force the user’s phone to record video and audio, steal text messages, intercept calls and even take pictures. It is called advanced because it comes with features never seen before. It gives the stalker full control of your device, which makes it a complete threat to a user’s security. Skygofree can secretly turn on the front camera of the device and take a shot whenever the user unlocks the phone. One can only imagine how criminals will use the data and photos captured from an infected device.
Kaspersky Lab recently published a report on Skygofree. It says that this app to track text messages is being sold by an IT company in Italy that sells surveillance wares. The malware was created in 2014 and has been under continuous development ever since. It uses 5 separate exploits to get root access to an infected device and bypass key Android security measures. It automatically records its surroundings when the infected device enters a location specified by the operators of the malware. One new capability is stealing WhatsApp conversations by abusing the Android Accessibility Service, which was designed to help users who have disabilities or who are temporarily unable to interact with their device. The malware has another new feature that isn’t available even in spy apps to track text messages: it can connect the infected device to Wi-Fi networks controlled by the attackers. Skygofree has lots of other features too. For instance, it has a reverse shell which gives the malware operators better remote control of the device. The researchers say the attacker can send 48 different commands using Skygofree.
Skygofree sure seems perfect, but it is not. The security experts from Kaspersky Lab say that it contains a number of artifacts which provide clues about the developers of the malware and the code that they have maintained. They came across a domain named ‘h3g.co’ which was registered by an Italian firm, ‘Negg International.’ It was easy to trace the developers of the malware.
How does Skygofree get into your device?
According to the researchers at Kaspersky Lab, this malware is spread via web landing pages that pretend to be sites of mobile operators like Vodafone. The attackers don’t have to manually install the malware on the device, as they would with a spy app to track text messages. It is presented as an update that improves your mobile internet speed. If you download that update to make your mobile internet run faster, the malware is installed on your phone. It then downloads different payloads to carry out the spy operations on your device.
Should you be worried?
From the data that the researchers found, it was pretty clear that a lot of people in Italy have been infected by this malware. The question is, should you be worried about Skygofree? Well, the good news is that its attacks were limited to Italy. It is safe to assume the devices of US users haven’t been targeted yet. But that does not mean you should take things lightly, because this malware works even better than a spying app to track text messages. It is highly advanced malware that leaves no trace of any suspicious snooping. So how do you stay clear of Skygofree? Fortunately, Kaspersky Lab has provided some tips to prevent this malware from being downloaded. Here they are:
- The main tip is to download and install apps from trusted sites only. It is recommended to disable the side-loading of apps.
- Before downloading an app, even from the Google Play Store, make sure you check everything about it. The app may seem legit to you but it can be fake. A good way to spot a fake one is to search for the publisher of the app and check its rating. You can also check the app’s number of downloads and its reviews to figure out if it is legit.
- Install an Android security suite on your phone to further protect it.
- Scan your device for malware and spyware from time to time.
Other than this, Kaspersky Lab also advised users to exercise caution whenever they receive emails from organizations or people they don’t know. Such emails can contain attachments and unexpected requests to download malware and apps to track text messages. Before clicking any link, check the origin and integrity of the website. If in doubt, simply call the service provider and verify the information. Skygofree is a reminder to all of us that the countries with poor human rights remain a threat to a variety of devices and operating systems.
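Two points above, the abuse of the Android Accessibility Service and the advice to avoid side-loaded apps, can be combined into one device check. The following is an added example, not code from Kaspersky Lab or from the original article: it parses the output of two adb commands and lists third-party apps that hold an enabled accessibility service but were not installed by a trusted store. The package names, the sample output and the choice of Google Play as the only trusted installer are assumptions made for illustration.

```python
# Added example: audit which enabled accessibility services belong to
# third-party apps that did not come from a trusted store.
# Input is the text output of two adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i      (-3 = third-party, -i = installer)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

def parse_enabled_services(raw):
    """Map package -> enabled service components (colon-separated input)."""
    services = {}
    for component in raw.strip().split(":"):
        package, sep, _ = component.strip().partition("/")
        if sep and package:          # skips "", "null" and malformed entries
            services.setdefault(package, []).append(component.strip())
    return services

def parse_third_party(raw):
    """Map third-party package -> installer package name, or None if unknown."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = value if value and value != "null" else None
        installers[fields[0][len("package:"):]] = installer
    return installers

def flag_untrusted_accessibility(services_raw, packages_raw):
    """Return (package, installer, components) for each side-loaded app
    that currently holds an enabled accessibility service."""
    services = parse_enabled_services(services_raw)
    third_party = parse_third_party(packages_raw)  # system apps are absent here
    return [(pkg, third_party[pkg], comps)
            for pkg, comps in sorted(services.items())
            if pkg in third_party and third_party[pkg] not in TRUSTED_INSTALLERS]

# Constructed sample output (not from a real device and not Skygofree's names).
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.speedupdate/.SyncService:"
                   "com.example.passwords/com.example.passwords.FillService")
SAMPLE_PACKAGES = """package:com.example.speedupdate  installer=null
package:com.example.passwords  installer=com.android.vending
package:com.example.game  installer=com.android.vending
"""
```

A flagged entry is a prompt for manual review rather than proof of infection, since legitimately side-loaded accessibility tools show up the same way.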