Skygofree, another hardcore Android spyware!


In a discovery that underscores the growing arms race among competing malware developers, researchers have uncovered a new Android spying platform that includes location-based audio recording and other features that have never been seen in the wild before.

According to Kaspersky Lab, "Skygofree" is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance wares. 

With 48 different commands in its latest version, the malware has undergone continuous development since its creation in late 2014. It relies on five separate exploits to gain privileged root access that allows it to bypass key Android security measures. 

Skygofree is capable of taking pictures, capturing video, and seizing call records, text messages, geolocation data, calendar events, and business-related information stored in device memory.

Skygofree also includes the ability to automatically record conversations and noise when an infected device enters a location specified by the person operating the malware. Another never-before-seen feature is the ability to steal WhatsApp messages by abusing the Android Accessibility Service that's designed to help users who have disabilities or who may temporarily be unable to fully interact with a device. 

A third new feature: the ability to connect infected devices to Wi-Fi networks controlled by attackers.

Skygofree also includes other advanced features, including a reverse shell that gives malware operators better remote control of infected devices and a command and control (C&C) server architecture. The malware also comes with a variety of Windows components that provide, among other things, a reverse shell, a keylogger, and a mechanism for recording Skype conversations.

This spyware contained several artifacts that provide valuable clues about the people who may have developed and maintained the code. Traces include the domain name h3g.co, which was registered by Italian IT firm Negg International.


In a nutshell, Skygofree's capabilities include:
  • Keylogging
  • Screenshot capture
  • Live audio and video capture
  • Remote control of the malware via SMS
  • Messaging data exfiltration from common applications including WhatsApp, Skype, Facebook, Twitter, Viber, and Kakao
  • Browser history exfiltration
  • E-mail exfiltration from Android’s Native E-mail client
  • Contacts and text message exfiltration


Skygofree is a reminder that so-called implant software sold to governments and police forces, sometimes in countries with poor human rights records, remains a threat to people using a wide variety of devices and operating systems. Users who think they're likely to be targets should always pay close attention to website addresses they visit and when possible install software only from official app stores, and then only after careful research.
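Because the WhatsApp theft described above depends on an accessibility service being enabled on the device, one practical check is to review which services are enabled. The following is an added example, not code from Kaspersky's report or from this post: it parses the value of Android's `enabled_accessibility_services` secure setting and reports services from packages outside an allowlist. The allowlist contents and the sample value are assumptions constructed for illustration.

```python
# Added example: audit the accessibility services enabled on an Android device.
# The input is the value of the secure setting `enabled_accessibility_services`,
# obtainable with: adb shell settings get secure enabled_accessibility_services
# It is a colon-separated list of "package/service-class" component names.

# Assumption: packages you expect to provide accessibility services.
# Adjust this set to your own policy; TalkBack is used here as an example.
TRUSTED_PACKAGES = {"com.google.android.marvin.talkback"}


def parse_enabled_services(setting_value):
    """Return a list of (package, service_class) tuples from the raw value."""
    value = (setting_value or "").strip()
    if value in ("", "null"):  # `settings get` prints "null" when unset
        return []
    services = []
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        # An entry without "/" is kept with an empty class so it is still reported.
        package, _, cls = entry.partition("/")
        if cls.startswith("."):  # short form: ".Svc" is relative to the package
            cls = package + cls
        services.append((package, cls))
    return services


def unexpected_services(setting_value, trusted=TRUSTED_PACKAGES):
    """Return enabled services whose package is not on the allowlist."""
    return [(pkg, cls) for pkg, cls in parse_enabled_services(setting_value)
            if pkg not in trusted]


# Constructed sample value: one expected service and one hypothetical package.
SAMPLE = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.updater/.SyncService"
)

if __name__ == "__main__":
    for pkg, cls in unexpected_services(SAMPLE):
        print(f"REVIEW: accessibility service enabled by {pkg} ({cls})")
```

A flagged entry is not proof of compromise; it identifies an app that can read on-screen content from other apps and should be accounted for.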
