Security researchers have discovered a new malware app that mimics webpages designed to look like those of telecom operators and tricks users into installing the APK, thereby compromising device privacy. Called Skygofree, the app is also capable of tracking the device location along with recording audio in certain places.
Kaspersky Lab discovered that Skygofree spreads from malicious webpages which promise faster network access. Once it lands on a user’s device, it possesses features which allows it to plug into apps including WhatsApp and Skype to snoop on conversations.
It allows hackers to access a lot of exfiltrated data, like call records, text messages, geolocation, surrounding audio, calendar events, and other memory information stored on the device. Hackers could potentially take complete remote control of the device as well.
One of the most advanced mobile threats found: #Skygofree. Capable of taking pictures & video, seizing call records, SMS, geolocation, calendar events & business-related information. Read the full story over at @Securelist https://t.co/RAlNIYw5ab pic.twitter.com/JN7WRt57ho
— Kaspersky Lab (@kaspersky) January 17, 2018
The app was reportedly first spotted in 2014. However, in its current version, it has taken the form of an espionage tool than just a regular malware, Android Authority reports. It is believed to be sold by an Italian security outfit.
To prevent the malicious app taking over your device, avoid installing unauthorized APKs. In a case, you do end up installing it, it is still unlikely to infect the device immediately as it needs root on the device to spread its activity. The creators of the app have developed five known exploits to trespass your devices’ security.
The report says that Android has been patched to block these exploits for years and till the time the target phone is running an even semi-recent build of Android, Skygofree is unlikely to infect the device.