New malware detection has terrible spy capabilities never seen on Android

Recently, researchers have discovered a new Android spy platform called Skygofree. This is one of the most powerful spy platforms ever created on Android because it includes location-based recording applications and other features that have never been seen before.

According to the announcement of Kasspersky Lab, Skygofree was created in late 2014 and this seems to be a security product sold by an Italian-based IT company, which sells various monitoring devices.

After going through the continuous development process since it was created, in the latest version this malicious code has up to 48 different commands and 5 separate exploits to get privileged root access, allowing it surpass important security measures of Android.

Skygofree has the ability to: capture video, take photos, record calls, text messages, geographic data, calendar events, and business-related information stored in device memory.

This malicious code also has features that have never been seen before like:

1. Automatically record conversations and noises when the malware operator controls the infected device into a specific location.
2. Steal WhatsApp messages by abusing Android's Accessibility Services, the application is designed to help disabled users or people who are temporarily unable to fully interact with devices.
3. Connect an infected device to a Wi-fi network controlled by an attacker.

In addition, the malware has other advanced features such as recording recorded documents on the device, recording Skype conversations, reverse applications that help malware executives have better control and control of infected devices.

Skygofree is considered to be on par with Pegasus software for Android, a spy platform developed by NSO Group based in Israel. Pegasus includes features: remote malware control via SMS, record documents typed on iPhone, screen capture, record and video and steal data from regular applications like WhatsApp, Skype, Facebook, Twitter and Viber.

Skygofree has a multitude of special abilities but retains the secret while operating. But this does not mean this malicious code is perfect. Kaspersky Lab conducted an examination of the versions of Skygofree and discovered the domain h3g.co, registered by the Italian information technology company Negg International. The company has yet to respond to an email asking for comment on this issue.

Kaspersky Lab said the malware spreads through landing pages that mimic the sites of Vodafone and other mobile operators. This malware is spreading widely in Italy.

The discovery of this spyware shows that we need to be vigilant before visiting each site, only installing software from official app stores after careful research.

See more:

1. The Chrome gadget secretly exploits virtual money, making it slow
2. Discovered a new line of malicious Android code that steals user data on the electronic application market
3. Detects malicious code showing porn ads in children's games on Google Play