In early April 2017 we learned about Pegasus, the most potent malware app for Android ever created, a sophisticated program that surpassed anything else available at the time in spying capabilities.
But forget all about Pegasus, as a new malware app was just discovered, and this one has “never-before-seen” spying capabilities.
Pegasus, first created for iPhone, is able to log everything you type on an Android device, capture video and audio, take screenshots, and copy other data from apps, including chat applications. The app can also be controlled remotely with commands sent via SMS texts.
First reported by Ars Technica, the discovery of the new app that beats Pegasus comes from Kaspersky Lab. Called Skygofree, the malware appears to be a surveillance app sold by an IT company in Italy:
The Skygofree Android implant is one of the most powerful spyware tools that we have ever seen for this platform. As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, never-before-seen surveillance features such as recording surrounding audio in specified locations.
Skygofree uses five separate exploits to gain root access to the phone, which allows the program to bypass Android security and then spy on the user in all sorts of clever ways. The latest version of the app supports 48 commands.
The app can take pictures and record videos, which is probably what you expect from spy apps. It also reads text messages, location data, call records, and other data stored in the phone’s memory. The malware also gives the attacker the ability to control the device remotely.
But the app has even more sophisticated features at its disposal, like automatically recording conversations that take place at a specific location. That sounds like really making the most of what the Android platform can offer users.
If you think encrypted chat apps are protected, think again. Skygofree will also read WhatsApp messages with the help of an Android Accessibility Feature that’s supposed to help Android users with disabilities. A Windows component, meanwhile, packs a keylogger and a mechanism that lets attackers record Skype calls.
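Because the WhatsApp capture relies on an accessibility service, one practical check is to review which services are enabled on a device. The following is an added example, not code from Kaspersky Lab or the original article: it parses the value returned by `adb shell settings get secure enabled_accessibility_services` and lists every service outside an allowlist. The allowlist and the sample value are assumptions constructed for illustration, and the made-up package name is not a Skygofree indicator.

```python
"""Audit the value of Android's enabled_accessibility_services setting."""

# Assumption: packages the device owner knowingly granted accessibility access.
TRUSTED_PACKAGES = {"com.google.android.marvin.talkback"}

# Constructed sample of the colon-separated value the setting returns.
# "com.example.updater" is a made-up package, not a real indicator.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.updater/.SyncService"
)


def parse_services(raw):
    """Split the setting into (package, class) pairs, expanding '.Class' shorthand."""
    services = []
    value = (raw or "").strip()
    if value in ("", "null"):  # the setting reads "null" when nothing is enabled
        return services
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, sep, cls = entry.partition("/")
        if not sep or not package or not cls:
            # Malformed component name: keep it whole so it still gets reviewed.
            services.append((entry, ""))
            continue
        if cls.startswith("."):
            cls = package + cls  # ".SyncService" is relative to the package
        services.append((package, cls))
    return services


def unexpected_services(raw, trusted=TRUSTED_PACKAGES):
    """Return the enabled services whose package is not on the allowlist."""
    return [svc for svc in parse_services(raw) if svc[0] not in trusted]


if __name__ == "__main__":
    for package, cls in unexpected_services(SAMPLE_SETTING):
        print(f"review: {package} runs accessibility service {cls or '(unparsed)'}")
```

A flagged entry only means the service is not on the allowlist; it still has to be matched to an installed app and judged by the device owner.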
Should the targeted device come within reach of a Wi-Fi network controlled by the attacker, it’ll connect to it automatically.
The app is spread using fake sites that replicate actual web pages belonging to mobile operators, including Vodafone, Three, and others. Paying attention to what kind of sites you visit and what apps you install on your Android phone should prevent infections. If you’ve been infected, make sure you check your Windows machines for any companion apps.
Skygofree has already infected several Italian Android users and has been under development for some three years, during which time it has evolved considerably.