Kaspersky Lab has discovered an implant that has been active since 2014 and is designed for targeted cyber-surveillance, and describes it as one of the most advanced mobile implants ever.
Skygofree, the implant in question, is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device. Advanced, unseen features include using Accessibility Services to steal WhatsApp messages and the ability to connect an infected device to Wi-Fi networks controlled by the attackers, as well as the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location.
The implant adds itself to the list of 'protected apps' so it is not automatically turned off when the screen is off. Researchers also recently found several modules targeting Windows users, which suggests the attackers have a particular interest in that target group.
Kaspersky Lab strongly recommends implementing a reliable security solution which can identify and block threats like these - such as its own Kaspersky security for mobile. Users are also advised to proceed with caution when they receive emails from people or organisations they do not know, or unexpected attachments, and to always check the integrity and origin of websites before clicking on their links.
Sarb Sembhi, CTO and CISO of Virtually Informed, commented to SC Media UK: “It is interesting that the advice security professionals have been providing is as relevant today as it's always been, and yet still people are being infected. In some respects, the problem cannot always be put onto users; the Android Platform and the Play Store must take some responsibility for this. The Android platform allows updates to be controlled by manufacturers and carriers; this opens devices to not get the updates they need, when they need them. Failing to audit apps on the Play Store thoroughly enough is not acceptable in this day and age, when there are plenty of tools around to audit what apps do.
“When it comes to using mobile devices, if we can't fix the users, we should certainly try alternative approaches, and the Android Platform should be it.
“Let's stop blaming users - they want to get on with their lives and just get things done; having to perform all the checks that I (and most security professionals) perform isn't what life is about for them.”
Raj Samani, chief scientist, McAfee, commented to SC Media UK: “The Italian Job part 2. We are talking about a very comprehensive smartphone spyware solution that has been in development for years. It is a tremendous find from Kaspersky Lab and reveals a marketplace for surveillance tools below the fanfare of the traditional information security market.”