Kaspersky security researchers discovered a new android spyware named Skygofree which is capable stealing WhatsApp messages
Kaspersky security researchers discovered a new android spyware named Skygofree which is capable stealing WhatsApp messages.The malware was first found on 2014 and has evolved continuously from then on. Researchers described it as most powerful mobile implant they have ever come across containing features they have never seen before.In total, the spyware supports 48 commands, and some of the noteworthy features are the ability to steal messages via accessibility service which includes apps like WhatsApp, Viber, facebook messenger.
Read more on: RubyMiner Malware found Targeting outdated Linux and Windows ServersThe malware automatically records the surrounding audio and conversations using the microphone when the infected device enters the specified location Another feature is the ability to connect the infected device to the wifi networks managed by attackers.The other advanced features which the malware supports are the ability to steal encryption keys, ability to take pictures and videos, exfiltrate call records, calendar events, geolocation data, text messages and other memory information stored in the device.The attackers can control the infected device via HTTP, XMPP, binary SMS, FirebaseCloudMessaging or GoogleCloudMessaging protocols. It is also capable of enabling wifi and mobile data on request. The full list of commands that can beimplemented by the attacker can be seen here.The researchers also said that by analyzing the infrastructure and the malware code, the developers of the Skygofree spyware is an Italian company that works on surveillance products.Skygofree malware is spread via web landing pages that mimic as the sites of mobile operators. The domains have been registered by the attackers since 2015, and the campaign is still active.“The Skygofree Android implant is one of the most powerful spyware tools that we have ever seen for this platform. As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, never-before-seen surveillance features such as recording surrounding audio in specified locations” said in the post published by Kaspersky Users are advised not to click or download any attachment or files from any unknown sources and always have an antivirus /antimalware tool which can detect and block these type of malware.
Read more on: Customers Report Credit Card Fraud after Purchasing on OnePlus Webstore